[v3.0] clamav: DoS (CVE-2015-2170, CVE-2015-2221)
The UPX decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file (CVE-2015-2170). ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file (CVE-2015-2221).
CONFIRM:
http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html
http://ubuntu.com/usn/usn-2594-1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2170
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2221
(from redmine: issue id 4239, created on 2015-05-22, closed on 2015-06-05)
- Relations:
  - parent #4236 (closed)
- Changesets:
  - Revision c383688c by Natanael Copa on 2015-05-29T08:48:01Z:
    main/clamav: security upgrade to 0.98.7 (CVE-2015-2170,CVE-2015-2221)
    fixes #4239