Two vulnerabilities were identified in Clam AntiVirus (ClamAV), which could be
exploited by remote attackers or malware to execute arbitrary commands or cause
a denial of service.
The first issue is due to a buffer overflow error in "libclamav/upx.c" when
processing malformed UPX-packed executables, which could be exploited by
attackers to compromise a vulnerable system by sending, to a vulnerable
application, emails containing specially crafted files.
The second issue is due to an error in "libclamav/fsg.c" when processing
specially crafted FSG-packed executables, which could be exploited by attackers
to cause the application to enter an infinite loop.
Update to 0.87 available.
clamav-0.87 is already in portage, all arch keywords bumped to unstable. I can
stabilize x86, as well as amd64, as I'm using clamav on both arches quite
Archs, test and mark stable:
Target KEYWORDS="alpha amd64 hppa ia64 ppc ppc64 sparc x86"
Andrej: feel free to mark on archs you test on, just remove them from Cc: if you do.
Stable on x86 and amd64.
Stable on ppc and hppa.
Stable on SPARC.
Stable on alpha.
Stable on ppc64.
ia64 should mark stable to benefit from GLSA