Bugzilla – Bug 929192
VUL-0: CVE-2015-2170, CVE-2015-2221, CVE-2015-2222, CVE-2015-2668, CVE-2015-2305: clamav: 0.98.7
Last modified: 2019-08-16 17:04:07 UTC
From http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html

> ClamAV 0.98.7 is here! This release contains new scanning features
> and bug fixes.
>
> - Improvements to PDF processing: decryption, escape sequence
>   handling, and file property collection.
> - Scanning/analysis of additional Microsoft Office 2003 XML format.
> - Fix infinite loop condition on crafted y0da cryptor file. Identified
>   and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221.
> - Fix crash on crafted petite packed file. Reported and patch
>   supplied by Sebastian Andrzej Siewior. CVE-2015-2222.
> - Fix false negatives on files within iso9660 containers. This issue
>   was reported by Minzhuan Gong.
> - Fix a couple crashes on crafted upack packed file. Identified and
>   patches supplied by Sebastian Andrzej Siewior.
> - Fix a crash during algorithmic detection on crafted PE file.
>   Identified and patch supplied by Sebastian Andrzej Siewior.
> - Fix an infinite loop condition on a crafted "xz" archive file.
>   This was reported by Dimitri Kirchner and Goulven Guiheux.
>   CVE-2015-2668.
> - Fix compilation error after ./configure --disable-pthreads.
>   Reported and fix suggested by John E. Krokes.
> - Apply upstream patch for possible heap overflow in Henry Spencer's
>   regex library. CVE-2015-2305.

For clamav, we tracked this in bug 922560.

> - Fix crash in upx decoder with crafted file. Discovered and patch
>   supplied by Sebastian Andrzej Siewior. CVE-2015-2170.
> - Fix segfault scanning certain HTML files. Reported with sample by
>   Kai Risku.
> - Improve detections within xar/pkg files.

*** Bug 922560 has been marked as a duplicate of this bug. ***
https://swamp.suse.de/webswamp/wf/61644
bugbot adjusting priority
This is an autogenerated message for OBS integration: This bug (929192) was mentioned in https://build.opensuse.org/request/show/305579 Factory / clamav
SUSE-SU-2015:0871-1: An update that fixes 5 vulnerabilities is now available.
Category: security (moderate)
Bug References: 929192
CVE References: CVE-2015-2170,CVE-2015-2221,CVE-2015-2222,CVE-2015-2305,CVE-2015-2668
Sources used:
SUSE Linux Enterprise Server 11 SP3 for VMware (src): clamav-0.98.7-0.3.1
SUSE Linux Enterprise Server 11 SP3 (src): clamav-0.98.7-0.3.1
SUSE Linux Enterprise Desktop 11 SP3 (src): clamav-0.98.7-0.3.1

SUSE-SU-2015:0882-1: An update that fixes 5 vulnerabilities is now available.
Category: security (moderate)
Bug References: 929192
CVE References: CVE-2015-2170,CVE-2015-2221,CVE-2015-2222,CVE-2015-2305,CVE-2015-2668
Sources used:
SUSE Linux Enterprise Server 12 (src): clamav-0.98.7-13.1

SUSE-SU-2015:0882-2: An update that fixes 5 vulnerabilities is now available.
Category: security (moderate)
Bug References: 929192
CVE References: CVE-2015-2170,CVE-2015-2221,CVE-2015-2222,CVE-2015-2305,CVE-2015-2668
Sources used:
SUSE Linux Enterprise Server 12 (src): clamav-0.98.7-13.1
SUSE Linux Enterprise Desktop 12 (src): clamav-0.98.7-13.1

openSUSE-SU-2015:0906-1: An update that fixes 5 vulnerabilities is now available.
Category: security (moderate)
Bug References: 929192
CVE References: CVE-2015-2170,CVE-2015-2221,CVE-2015-2222,CVE-2015-2305,CVE-2015-2668
Sources used:
openSUSE 13.2 (src): clamav-0.98.7-2.16.1
openSUSE 13.1 (src): clamav-0.98.7-33.1

This is an autogenerated message for OBS integration: This bug (929192) was mentioned in https://build.opensuse.org/request/show/547654 15.0 / clamav