Fedora 20 Security Update: clamav-0.98.6-1.fc20

Resolved Bugs
1187050 – CVE-2014-9328 clamav: heap out of bounds condition with crafted upack packer files
1187051 – CVE-2014-9328 clamav: heap out of bounds condition with crafted upack packer files [fedora-all]
1186634 – new version avaliable upstream<br
ClamAV 0.98.6
=============
ClamAV 0.98.6 is a bug fix release correcting the following:
* library shared object revisions.
* installation issues on some Mac OS X and FreeBSD platforms.
* includes a patch from Sebastian Andrzej Siewior making ClamAV pid files compatible with systemd.
* Fix a heap out of bounds condition with crafted Yoda’s crypter files. This issue was discovered by Felix Groebert of the Google Security Team.
* Fix a heap out of bounds condition with crafted mew packer files. This issue was discovered by Felix Groebert of the Google Security Team.
* Fix a heap out of bounds condition with crafted upx packer files. This issue was discovered by Kevin Szkudlapski of Quarkslab.
* Fix a heap out of bounds condition with crafted upack packer files. This issue was discovered by Sebastian Andrzej Siewior. CVE-2014-9328.
* Compensate a crash due to incorrect compiler optimization when handling crafted petite packer files. This issue was discovered by Sebastian Andrzej Siewior.

Leave a Reply