Mandriva Linux Security Advisory : clamav (MDVSA-2015:221)
Medium Nessus Plugin ID 83245
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionMultiple vulnerabilities has been found and corrected in clamav :
Fix infinite loop condition on crafted y0da cryptor file. Identified and patch suggested by Sebastian Andrzej Siewior (CVE-2015-2221).
Fix crash on crafted petite packed file. Reported and patch supplied by Sebastian Andrzej Siewior (CVE-2015-2222).
Fix an infinite loop condition on a crafted xz archive file. This was reported by Dimitri Kirchner and Goulven Guiheux (CVE-2015-2668).
Apply upstream patch for possible heap overflow in Henry Spencer's regex library (CVE-2015-2305).
Fix crash in upx decoder with crafted file. Discovered and patch supplied by Sebastian Andrzej Siewior (CVE-2015-2170).
The updated packages provides a solution for these security issues.
SolutionUpdate the affected packages.