Security update for clamav (important)

clamav was updated to version 0.98.5 to fix three security issues and
several non-security issues.

These security issues have been fixed:

   * Crash when scanning maliciously crafted yoda's crypter files
     (CVE-2013-6497).
   * Heap-based buffer overflow when scanning crypted PE files
     (CVE-2014-9050).
   * Crash when using 'clamscan -a'.

These non-security issues have been fixed:

   * Support for the XDP file format and extracting, decoding, and
     scanning PDF files within XDP files.
   * Addition of shared library support for LLVM versions 3.1 - 3.5 for
     the purpose of just-in-time(JIT) compilation of ClamAV bytecode
     signatures.
   * Enhancements to the clambc command line utility to assist ClamAV
     bytecode signature authors by providing introspection into compiled
     bytecode programs.
   * Resolution of many of the warning messages from ClamAV compilation.
   * Improved detection of malicious PE files.
   * ClamAV 0.98.5 now works with OpenSSL in FIPS compliant mode
     (bnc#904207).
   * Fix server socket setup code in clamd (bnc#903489).
   * Change updateclamconf to prefer the state of the old config file
     even for commented-out options (bnc#903719).
   * Fix infinite loop in clamdscan when clamd is not running.
   * Fix buffer underruns when handling multi-part MIME email attachments.
   * Fix configuration of OpenSSL on various platforms.
   * Fix linking issues with libclamunrar.

Security Issues:

   * CVE-2013-6497
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6497">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6497</a>&gt;
   * CVE-2014-9050
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9050">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9050</a>&gt;