This whitepaper discusses mitigation of the Ghost glibc vulnerability tracked as CVE-2015-0235.
Monthly Archives: January 2015
McAfee Data Loss Prevention Endpoint Privilege Escalation
McAfee Data Loss Prevention Endpoint version 9.3.200.23 suffers from an arbitrary write privilege escalation vulnerability.
Kaspersky: DDoS Attack Can Cost a Company More Than $400K – MSP Mentor
Cyber Sleuths Find 'Smoking Gun' Linking British Spy Agency to Regin Malware – Mashable
In 2015, Omnichannel And Big Data Will Bring Channel Marketing To The Next Level – Channel Marketer Report
Spying Program Leaked By Snowden is Tied To Campaign in Many Countries – Reuters
Hackers to Target Smart TV Sets After Phones, Kaspersky Predicts – Bloomberg
Fedora 21 Security Update: websvn-2.3.3-8.fc21
Fedora 21 Security Update: openstack-glance-2014.1.3-4.fc21
Fedora 20 Security Update: clamav-0.98.6-1.fc20
Resolved Bugs
1187050 – CVE-2014-9328 clamav: heap out of bounds condition with crafted upack packer files
1187051 – CVE-2014-9328 clamav: heap out of bounds condition with crafted upack packer files [fedora-all]
1186634 – new version available upstream
ClamAV 0.98.6
=============
ClamAV 0.98.6 is a bug fix release correcting the following:
* library shared object revisions.
* installation issues on some Mac OS X and FreeBSD platforms.
* includes a patch from Sebastian Andrzej Siewior making ClamAV pid files compatible with systemd.
* Fix a heap out of bounds condition with crafted Yoda’s crypter files. This issue was discovered by Felix Groebert of the Google Security Team.
* Fix a heap out of bounds condition with crafted mew packer files. This issue was discovered by Felix Groebert of the Google Security Team.
* Fix a heap out of bounds condition with crafted upx packer files. This issue was discovered by Kevin Szkudlapski of Quarkslab.
* Fix a heap out of bounds condition with crafted upack packer files. This issue was discovered by Sebastian Andrzej Siewior. CVE-2014-9328.
* Compensate a crash due to incorrect compiler optimization when handling crafted petite packer files. This issue was discovered by Sebastian Andrzej Siewior.