Medium: clamav

Issue Overview:

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file. (CVE-2015-2221)

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file. (CVE-2015-2668)

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file. (CVE-2015-2222)

The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file. (CVE-2015-2170)

Affected Packages:

clamav

Issue Correction:
Run yum update clamav to update your system.

New Packages:

i686:  
    clamd-0.98.7-1.12.amzn1.i686  
    clamav-db-0.98.7-1.12.amzn1.i686  
    clamav-debuginfo-0.98.7-1.12.amzn1.i686  
    clamav-0.98.7-1.12.amzn1.i686  
    clamav-lib-0.98.7-1.12.amzn1.i686  
    clamav-server-0.98.7-1.12.amzn1.i686  
    clamav-devel-0.98.7-1.12.amzn1.i686  
    clamav-update-0.98.7-1.12.amzn1.i686  
    clamav-milter-0.98.7-1.12.amzn1.i686  
  
noarch:  
    clamav-filesystem-0.98.7-1.12.amzn1.noarch  
    clamav-server-sysvinit-0.98.7-1.12.amzn1.noarch  
    clamav-scanner-0.98.7-1.12.amzn1.noarch  
    clamav-milter-sysvinit-0.98.7-1.12.amzn1.noarch  
    clamav-data-empty-0.98.7-1.12.amzn1.noarch  
    clamav-data-0.98.7-1.12.amzn1.noarch  
    clamav-scanner-sysvinit-0.98.7-1.12.amzn1.noarch  
  
src:  
    clamav-0.98.7-1.12.amzn1.src  
  
x86_64:  
    clamav-0.98.7-1.12.amzn1.x86_64  
    clamav-update-0.98.7-1.12.amzn1.x86_64  
    clamd-0.98.7-1.12.amzn1.x86_64  
    clamav-server-0.98.7-1.12.amzn1.x86_64  
    clamav-milter-0.98.7-1.12.amzn1.x86_64  
    clamav-db-0.98.7-1.12.amzn1.x86_64  
    clamav-debuginfo-0.98.7-1.12.amzn1.x86_64  
    clamav-lib-0.98.7-1.12.amzn1.x86_64  
    clamav-devel-0.98.7-1.12.amzn1.x86_64  

Additional References

Red Hat: CVE-2015-2170, CVE-2015-2221, CVE-2015-2222, CVE-2015-2668

Mitre: CVE-2015-2170, CVE-2015-2221, CVE-2015-2222, CVE-2015-2668