Medium: clamav

2015-06-02T22:36:00
ID ALAS-2015-537
Type amazon
Reporter Amazon
Modified 2015-06-02T22:36:00

Description

Issue Overview:

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file. (CVE-2015-2221 __)

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file. (CVE-2015-2668 __)

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file. (CVE-2015-2222 __)

The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file. (CVE-2015-2170 __)

Affected Packages:

clamav

Issue Correction:
Run yum update clamav to update your system.

New Packages:

i686:  
    clamd-0.98.7-1.12.amzn1.i686  
    clamav-db-0.98.7-1.12.amzn1.i686  
    clamav-debuginfo-0.98.7-1.12.amzn1.i686  
    clamav-0.98.7-1.12.amzn1.i686  
    clamav-lib-0.98.7-1.12.amzn1.i686  
    clamav-server-0.98.7-1.12.amzn1.i686  
    clamav-devel-0.98.7-1.12.amzn1.i686  
    clamav-update-0.98.7-1.12.amzn1.i686  
    clamav-milter-0.98.7-1.12.amzn1.i686

noarch:  
    clamav-filesystem-0.98.7-1.12.amzn1.noarch  
    clamav-server-sysvinit-0.98.7-1.12.amzn1.noarch  
    clamav-scanner-0.98.7-1.12.amzn1.noarch  
    clamav-milter-sysvinit-0.98.7-1.12.amzn1.noarch  
    clamav-data-empty-0.98.7-1.12.amzn1.noarch  
    clamav-data-0.98.7-1.12.amzn1.noarch  
    clamav-scanner-sysvinit-0.98.7-1.12.amzn1.noarch

src:  
    clamav-0.98.7-1.12.amzn1.src

x86_64:  
    clamav-0.98.7-1.12.amzn1.x86_64  
    clamav-update-0.98.7-1.12.amzn1.x86_64  
    clamd-0.98.7-1.12.amzn1.x86_64  
    clamav-server-0.98.7-1.12.amzn1.x86_64  
    clamav-milter-0.98.7-1.12.amzn1.x86_64  
    clamav-db-0.98.7-1.12.amzn1.x86_64  
    clamav-debuginfo-0.98.7-1.12.amzn1.x86_64  
    clamav-lib-0.98.7-1.12.amzn1.x86_64  
    clamav-devel-0.98.7-1.12.amzn1.x86_64