Test ID:	1.3.6.1.4.1.25623.1.1.10.2015.0190
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2015-0190)
Summary:	The remote host is missing an update for the 'clamav' package(s) announced via the MGASA-2015-0190 advisory.
Description:	Summary: The remote host is missing an update for the 'clamav' package(s) announced via the MGASA-2015-0190 advisory. Vulnerability Insight: This updates fixes the following security issues: Fix infinite loop condition on crafted y0da cryptor file. Identified and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221 Fix crash on crafted petite packed file. Reported and patch supplied by Sebastian Andrzej Siewior. CVE-2015-2222. Fix an infinite loop condition on a crafted 'xz' archive file. This was reported by Dimitri Kirchner and Goulven Guiheux.CVE-2015-2668 Apply upstream patch for possible heap overflow in Henry Spencer's regex library. CVE-2015-2305 Fix crash in upx decoder with crafted file. Discovered and patch supplied by Sebastian Andrzej Siewior. CVE-2015-2170 Affected Software/OS: 'clamav' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-2170 BugTraq ID: 74443 http://www.securityfocus.com/bid/74443 https://security.gentoo.org/glsa/201512-08 SuSE Security Announcement: openSUSE-SU-2015:0906 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-05/msg00024.html http://ubuntu.com/usn/usn-2594-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-2221 Common Vulnerability Exposure (CVE) ID: CVE-2015-2222 Common Vulnerability Exposure (CVE) ID: CVE-2015-2305 http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html BugTraq ID: 72611 http://www.securityfocus.com/bid/72611 CERT/CC vulnerability note: VU#695940 http://www.kb.cert.org/vuls/id/695940 Debian Security Information: DSA-3195 (Google Search) http://www.debian.org/security/2015/dsa-3195 HPdes Security Advisory: HPSBUX03337 http://marc.info/?l=bugtraq&m=143403519711434&w=2 HPdes Security Advisory: SSRT102066 https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/ http://openwall.com/lists/oss-security/2015/02/07/14 http://openwall.com/lists/oss-security/2015/03/11/8 RedHat Security Advisories: RHSA-2015:1053 http://rhn.redhat.com/errata/RHSA-2015-1053.html RedHat Security Advisories: RHSA-2015:1066 http://rhn.redhat.com/errata/RHSA-2015-1066.html http://www.securitytracker.com/id/1031947 SuSE Security Announcement: SUSE-SU-2015:0868 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html SuSE Security Announcement: SUSE-SU-2015:0946 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html SuSE Security Announcement: openSUSE-SU-2015:0644 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html http://www.ubuntu.com/usn/USN-2572-1 http://www.ubuntu.com/usn/USN-2594-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-2668 BugTraq ID: 74472 http://www.securityfocus.com/bid/74472
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.