Resolved Bugs
1187050 – CVE-2014-9328 clamav: heap out of bounds condition with crafted upack packer files
1187052 – CVE-2014-9328 clamav: heap out of bounds condition with crafted upack packer files [epel-all]
1186634 – new version avaliable upstream<br
ClamAV 0.98.6
=============
ClamAV 0.98.6 is a bug fix release correcting the following:
* library shared object revisions.
* installation issues on some Mac OS X and FreeBSD platforms.
* includes a patch from Sebastian Andrzej Siewior making ClamAV pid files compatible with systemd.
* Fix a heap out of bounds condition with crafted Yoda’s crypter files. This issue was discovered by Felix Groebert of the Google Security Team.
* Fix a heap out of bounds condition with crafted mew packer files. This issue was discovered by Felix Groebert of the Google Security Team.
* Fix a heap out of bounds condition with crafted upx packer files. This issue was discovered by Kevin Szkudlapski of Quarkslab.
* Fix a heap out of bounds condition with crafted upack packer files. This issue was discovered by Sebastian Andrzej Siewior. CVE-2014-9328.
* Compensate a crash due to incorrect compiler optimization when handling crafted petite packer files. This issue was discovered by Sebastian Andrzej Siewior.
Monthly Archives: January 2015
Fedora EPEL 5 Security Update: clamav-0.98.6-1.el5
Resolved Bugs
1187050 – CVE-2014-9328 clamav: heap out of bounds condition with crafted upack packer files
1187052 – CVE-2014-9328 clamav: heap out of bounds condition with crafted upack packer files [epel-all]
1186634 – new version avaliable upstream<br
ClamAV 0.98.6
=============
ClamAV 0.98.6 is a bug fix release correcting the following:
* library shared object revisions.
* installation issues on some Mac OS X and FreeBSD platforms.
* includes a patch from Sebastian Andrzej Siewior making ClamAV pid files compatible with systemd.
* Fix a heap out of bounds condition with crafted Yoda’s crypter files. This issue was discovered by Felix Groebert of the Google Security Team.
* Fix a heap out of bounds condition with crafted mew packer files. This issue was discovered by Felix Groebert of the Google Security Team.
* Fix a heap out of bounds condition with crafted upx packer files. This issue was discovered by Kevin Szkudlapski of Quarkslab.
* Fix a heap out of bounds condition with crafted upack packer files. This issue was discovered by Sebastian Andrzej Siewior. CVE-2014-9328.
* Compensate a crash due to incorrect compiler optimization when handling crafted petite packer files. This issue was discovered by Sebastian Andrzej Siewior.
Fedora EPEL 6 Security Update: websvn-2.3.3-8.el6
Outlook For iOS Security Fail
Financial Firm Infiltrated for Six Months With Off The Shelf Malware
DOJ Inspector General: Reporter's Hacking Claims Can't Be Substantiated
Office Puts Chips Under Staff's Skin
CVE-2014-4467
WebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during the rendering of FRAME elements, which allows remote attackers to spoof the UI via a crafted web site.
CVE-2014-4476
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4477 and CVE-2014-4479.
CVE-2014-4477
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4479.