clamav: multiple issues

• CVE-2015-2170 (denial of service)

A flaw has been found in the UPX decoder with crafted files. During
unpacking there are two range checks which are implemented "manually".
Those checks lack the detection of overflows which are considered by the
CLI_ISCONTAINED() macro.

• CVE-2015-2221 (denial of service)

Y0da cryptor / protector is a PE file encryptor - the executable file is
decrypted on start up. Clamav is able to decrypt such files in order to
scan them. As part of the decryptor there is an op code emulator. A
special crafted file may contain a jump op code to a position that
already has been interpreted - which leads to an endless loop. This
leads to an endless loop in clamav itself.

• CVE-2015-2222 (denial of service)

Petite is a tool for compressing PE files on windows. Clamav is a virus
scanning tool which is able to unpack such files during scanning. Once
the file has been identified as "petite" compressed before the
decompressing process is started it is possible that a specially crafted
file tells clamav to read more data than it allocated memory. On glibc
it leads to SIGABRT on free() since glibc’s malloc() recognizes this.

• CVE-2015-2305 (arbitrary code execution)

An upstream patch for possible heap overflow in Henry Spencer’s regex
library has been applied. The flaw is within an integer overflow in the
regcomp implementation in the Henry Spencer regex library on 32-bit
platforms, might allow context-dependent attackers to execute arbitrary
code via a large regular expression that leads to a heap-based buffer
overflow.

• CVE-2015-2668 (denial of service)

A flaw has been discovered that is leading to an infinite loop condition
on a crafted "xz" archive file.