Debian Long Term Support / LTS Security Information / 2015 / Security Information -- DLA-233-1 clamav

Debian Security Advisory

DLA-233-1 clamav -- LTS security update

Date Reported:

28 May 2015

Affected Packages:

clamav

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2014-9328, CVE-2015-1461, CVE-2015-1462, CVE-2015-1463, CVE-2015-2170, CVE-2015-2221, CVE-2015-2222, CVE-2015-2668.

More information:

Upstream published version 0.98.7. This update updates sqeeze-lts to the latest upstream release in line with the approach used for other Debian releases.

The changes are not strictly required for operation, but users of the previous version in Squeeze may not be able to make use of all current virus signatures and might get warnings.

The bug fixes that are part of this release include security fixes related to packed or crypted files (CVE-2014-9328, CVE-2015-1461, CVE-2015-1462, CVE-2015-1463, CVE-2015-2170, CVE-2015-2221, CVE-2015-2222, and CVE-2015-2668) and several fixes to the embedded libmspack library, including a potential infinite loop in the Quantum decoder (CVE-2014-9556).

If you use clamav, we strongly recommend that you upgrade to this version.