Summary: | <app-antivirus/clamav-0.98.6: Multiple vulnerabilities (CVE-2014-9328,CVE-2015-{1461,1462,1463}) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Marc Schiffbauer <mschiff> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | antivirus, barzog, bug, hanno, net-mail+disabled |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | A3 [glsa cve] | | |
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 548066 | | |
Bug Blocks: | | | |
Description
Marc Schiffbauer
2015-01-28 18:21:33 UTC
CVE-2015-1463 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1463): ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization."

CVE-2015-1462 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1462): ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition."

CVE-2015-1461 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1461): ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition."

CVE-2014-9328 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9328): ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition."

@maintainers: Package is already in tree, please call for stabilization when appropriate.

Any blockers here?

Sorry for the delay, I've been quite busy lately so not too much time on Gentoo (even though I try to keep up on security issues, but I missed this one - and the next one in the dependency bug). Since there's no point in stabilizing this I just add a depend on the 0.98.6 security bug #548066.

This issue was resolved and addressed in GLSA 201512-08 at https://security.gentoo.org/glsa/201512-08 by GLSA coordinator Yury German (BlueKnight).