clamav was updated to version 0.98.5 to fix three security issues and several non-security issues.
These security issues have been fixed:
* Crash when scanning maliciously crafted yoda's crypter files (CVE-2013-6497).
* Heap-based buffer overflow when scanning crypted PE files (CVE-2014-9050).
* Crash when using 'clamscan -a'.
These non-security issues have been fixed:
* Support for the XDP file format and extracting, decoding, and scanning PDF files within XDP files.
* Addition of shared library support for LLVM versions 3.1 - 3.5 for the purpose of just-in-time (JIT) compilation of ClamAV bytecode signatures.
* Enhancements to the clambc command line utility to assist ClamAV bytecode signature authors by providing introspection into compiled bytecode programs.
* Resolution of many of the warning messages from ClamAV compilation.
* Improved detection of malicious PE files.
* ClamAV 0.98.5 now works with OpenSSL in FIPS compliant mode (bnc#904207).
* Fix server socket setup code in clamd (bnc#903489).
* Change updateclamconf to prefer the state of the old config file even for commented-out options (bnc#903719).
* Fix infinite loop in clamdscan when clamd is not running.
* Fix buffer underruns when handling multi-part MIME email attachments.
* Fix configuration of OpenSSL on various platforms.
* Fix linking issues with libclamunrar.
* CVE-2013-6497 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6497>
* CVE-2014-9050 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9050>