From Changelog: Security fix for ClamAV crash when using 'clamscan -a'. This issue was identified by Kurt Siefried of Red Hat. Security fix for ClamAV crash when scanning maliciously crafted yoda's crypter files. This issue, as well as several other bugs fixed in this release, were identified by Damien Millescamp of Oppida. http://blog.clamav.net/2014/11/clamav-0985-has-been-released.html No more details yet.
This sounds more severe: http://www.openwall.com/lists/oss-security/2014/11/21/12 Please update as soon as possible.
Thanks for reminding me Hanno. I am guilty of seeing the release mail for 0.98.5 but not reading it (therefore I hadn't noticed the security fix) Looking at it now (just deciding what to do about the new feature which requires libjson-c)
Committed. I assume you want it stabilized asap but leaving the rest to Security Team.
Maintainer(s): Please let us know when the ebuild is ready for stabilization, or call for stabilization. Notes on compromise: A heap buffer overflow was reported in [1] in ClamAV when scanning a specially crafted y0da Crypter obfuscated PE file. Note that this is remotely exploitable when ClamAV is used as a mail gateway scanner.
Works for me on 2 machines so afaik ok -> STABLEREQ + CC Arch teams no extensive tests yet but compiles and runs for me -- amd64
amd64 stable
x86 stable
Stable for HPPA.
ppc64 stable
sparc stable
alpha stable
ppc stable
ia64 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
CVE-2014-9050 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9050): Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.95.4 allows remote attackers to cause a denial of service (crash) via a crafted y0da Crypter PE file.
Arches, Thank you for your work Maintainer(s), please drop the vulnerable version(s). New GLSA Request filed.
+ 09 Dec 2014; Sergey Popov <pinkbyte@gentoo.org> package.mask: + Mask vulnerable versions of app-antivirus/clamav
This issue was resolved and addressed in GLSA 201412-05 at http://security.gentoo.org/glsa/glsa-201412-05.xml by GLSA coordinator Mikle Kolyada (Zlogene).
removed old versions after waiting a bit in case there were some issues/complaints.