[v2.7] clamav: multiple security fixes (CVE 2013-6497, CVE-2014-9050)
ClamAV 0.98.5 has been released.
Among the new features and fixes there are several security fixes:
• Security fix for ClamAV crash when using ‘clamscan -a’. This issue was
identified by Kurt Siefried of Red Hat (CVE-2013-6497).
• Security fix for ClamAV crash when scanning maliciously crafted yoda’s
crypter files. This issue, as well as several other bugs fixed in this
release, were identified by Damien Millescamp of Oppida (CVE-2014-9050).
References:
http://seclists.org/oss-sec/2014/q4/673
http://blog.clamav.net/2014/11/clamav-0985-has-been-released.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6497
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9050
(from redmine: issue id 3726, created on 2015-01-23, closed on 2017-09-05)
- Relations:
- parent #3724