Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2015-0056)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.1.10.2015.0056

Category: Mageia Linux Local Security Checks

Title: Mageia: Security Advisory (MGASA-2015-0056)

Summary: The remote host is missing an update for the 'clamav' package(s) announced via the MGASA-2015-0056 advisory.

Description: Summary:
The remote host is missing an update for the 'clamav' package(s) announced via the MGASA-2015-0056 advisory.

Vulnerability Insight:
ClamAV 0.98.6 is a maintenance release to fix some bugs, some of them being
security bugs:

Fix a heap out of bounds condition with crafted Yoda's crypter files.
This issue was discovered by Felix Groebert of the Google Security Team.

Fix a heap out of bounds condition with crafted mew packer files.
This issue was discovered by Felix Groebert of the Google Security Team.

Fix a heap out of bounds condition with crafted upx packer files.
This issue was discovered by Kevin Szkudlapski of Quarkslab.

Fix a heap out of bounds condition with crafted upack packer files.
This issue was discovered by Sebastian Andrzej Siewior (CVE-2014-9328).

Compensate a crash due to incorrect compiler optimization when handling crafted
petite packer files. This issue was discovered by Sebastian Andrzej Siewior.

Affected Software/OS:
'clamav' package(s) on Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-9328
BugTraq ID: 72372
http://www.securityfocus.com/bid/72372
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148950.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148958.html
https://security.gentoo.org/glsa/201512-08
http://securitytracker.com/id/1031672
http://secunia.com/advisories/62536
http://secunia.com/advisories/62757
SuSE Security Announcement: SUSE-SU-2015:0298 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00020.html
SuSE Security Announcement: openSUSE-SU-2015:0285 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00014.html
SuSE Security Announcement: openSUSE-SU-2015:0906 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-05/msg00024.html
http://www.ubuntu.com/usn/USN-2488-2

Copyright Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.1.10.2015.0056
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2015-0056)
Summary:	The remote host is missing an update for the 'clamav' package(s) announced via the MGASA-2015-0056 advisory.
Description:	Summary: The remote host is missing an update for the 'clamav' package(s) announced via the MGASA-2015-0056 advisory. Vulnerability Insight: ClamAV 0.98.6 is a maintenance release to fix some bugs, some of them being security bugs: Fix a heap out of bounds condition with crafted Yoda's crypter files. This issue was discovered by Felix Groebert of the Google Security Team. Fix a heap out of bounds condition with crafted mew packer files. This issue was discovered by Felix Groebert of the Google Security Team. Fix a heap out of bounds condition with crafted upx packer files. This issue was discovered by Kevin Szkudlapski of Quarkslab. Fix a heap out of bounds condition with crafted upack packer files. This issue was discovered by Sebastian Andrzej Siewior (CVE-2014-9328). Compensate a crash due to incorrect compiler optimization when handling crafted petite packer files. This issue was discovered by Sebastian Andrzej Siewior. Affected Software/OS: 'clamav' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-9328 BugTraq ID: 72372 http://www.securityfocus.com/bid/72372 http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148950.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148958.html https://security.gentoo.org/glsa/201512-08 http://securitytracker.com/id/1031672 http://secunia.com/advisories/62536 http://secunia.com/advisories/62757 SuSE Security Announcement: SUSE-SU-2015:0298 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00020.html SuSE Security Announcement: openSUSE-SU-2015:0285 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00014.html SuSE Security Announcement: openSUSE-SU-2015:0906 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-05/msg00024.html http://www.ubuntu.com/usn/USN-2488-2
Copyright	Copyright (C) 2022 Greenbone AG