Gentoo Archives: gentoo-announce

From: Yury German <blueknight@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201512-08 ] ClamAV: Multiple vulnerabilities
Date: Wed, 30 Dec 2015 14:03:00
Message-Id: 5683E3B1.6090803@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 201512-08
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: ClamAV: Multiple vulnerabilities
9 Date: December 30, 2015
10 Bugs: #538084, #548066
11 ID: 201512-08
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in ClamAV, possibly resulting
19 in Denial of Service.
20
21 Background
22 ==========
23
24 ClamAV is a GPL virus scanner.
25
26 Affected packages
27 =================
28
29 -------------------------------------------------------------------
30 Package / Vulnerable / Unaffected
31 -------------------------------------------------------------------
32 1 app-antivirus/clamav < 0.98.7 >= 0.98.7
33
34 Description
35 ===========
36
37 Multiple vulnerabilities have been discovered in ClamAV. Please review
38 the CVE identifiers referenced below for details.
39
40 Impact
41 ======
42
43 A remote attacker could cause ClamAV to scan a specially crafted file,
44 possibly resulting in a Denial of Service condition or other
45 unspecified impact.
46
47 Workaround
48 ==========
49
50 There is no known workaround at this time.
51
52 Resolution
53 ==========
54
55 All ClamAV users should upgrade to the latest version:
56
57 # emerge --sync
58 # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.98.7"
59
60 References
61 ==========
62
63 [ 1 ] CVE-2014-9328
64 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9328
65 [ 2 ] CVE-2015-1461
66 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1461
67 [ 3 ] CVE-2015-1462
68 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1462
69 [ 4 ] CVE-2015-1463
70 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1463
71 [ 5 ] CVE-2015-2170
72 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2170
73 [ 6 ] CVE-2015-2221
74 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2221
75 [ 7 ] CVE-2015-2222
76 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2222
77 [ 8 ] CVE-2015-2668
78 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2668
79
80 Availability
81 ============
82
83 This GLSA and any updates to it are available for viewing at
84 the Gentoo Security Website:
85
86 https://security.gentoo.org/glsa/201512-08
87
88 Concerns?
89 =========
90
91 Security is a primary focus of Gentoo Linux and ensuring the
92 confidentiality and security of our users' machines is of utmost
93 importance to us. Any security concerns should be addressed to
94 security@g.o or alternatively, you may file a bug at
95 https://bugs.gentoo.org.
96
97 License
98 =======
99
100 Copyright 2015 Gentoo Foundation, Inc; referenced text
101 belongs to its owner(s).
102
103 The contents of this document are licensed under the
104 Creative Commons - Attribution / Share Alike license.
105
106 http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature