[SECURITY] [DLA 95-1] clamav security update

Type debian
Reporter Debian
Modified 2014-12-02T21:37:38


[ this was initially sent on 2014-11-27, but did not reach the list due to a mistake on my side ]

Package        : clamav
Version        : 0.98.1+dfsg-1+deb6u4
CVE ID         : CVE-2014-9050 CVE-2013-6497
Debian Bug     : #770985

Two bugs were discovered in clamav and are fixed by this release.

One issue is in clamscan, the command line anti-virus scanner included in the package, which could lead to crashes when scanning certain files (CVE-2013-6497). The second issue is in libclamav which caused a heap buffer overflow when scanning a specially crafted y0da Crypter obfuscated PE file (CVE-2014-9050). Note that this is remotely exploitable when ClamAV is used as a mail gateway scanner.

If you use clamav, we highly recommend that you upgrade to this version.