To: gentoo-announce@lists.gentoo.org
From: Yury German
Subject: [gentoo-announce] [ GLSA 201512-08 ] ClamAV: Multiple vulnerabilities
Message-ID: <5683E3B1.6090803@gentoo.org>
Date: Wed, 30 Dec 2015 09:01:21 -0500

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201512-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: ClamAV: Multiple vulnerabilities
     Date: December 30, 2015
     Bugs: #538084, #548066
       ID: 201512-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in ClamAV, possibly resulting
in Denial of Service.

Background
==========

ClamAV is a GPL virus scanner.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-antivirus/clamav         < 0.98.7                  >= 0.98.7

Description
===========

Multiple vulnerabilities have been discovered in ClamAV. Please review
the CVE identifiers referenced below for details.

Impact
======

A remote attacker could cause ClamAV to scan a specially crafted file,
possibly resulting in a Denial of Service condition or other
unspecified impact.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ClamAV users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.98.7"

References
==========

[ 1 ] CVE-2014-9328
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9328
[ 2 ] CVE-2015-1461
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1461
[ 3 ] CVE-2015-1462
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1462
[ 4 ] CVE-2015-1463
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1463
[ 5 ] CVE-2015-2170
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2170
[ 6 ] CVE-2015-2221
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2221
[ 7 ] CVE-2015-2222
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2222
[ 8 ] CVE-2015-2668
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2668

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201512-08

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
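
Added example, not part of the advisory or of Gentoo's tooling: a shell check that classifies a `clamscan --version` banner against the advisory's vulnerable range (< 0.98.7). The function names, the sample banners (constructed) and the reliance on `sort -V` (GNU coreutils or busybox) are assumptions of this example.

```shell
#!/bin/sh
FIXED="0.98.7"   # first unaffected version, taken from the advisory

# Pull the upstream version out of a banner such as
# "ClamAV 0.98.6/20394/Mon Apr 27 12:00:00 2015".
clamav_version() {
    printf '%s\n' "$1" | sed -n 's/^ClamAV \([0-9][0-9.]*\).*/\1/p'
}

# Return 0 if version $1 is strictly below $FIXED, 1 if it is not,
# 2 if no version was given. sort -V compares component by component,
# so 0.98.10 sorts after 0.98.7 (a plain string compare gets this wrong).
is_vulnerable() {
    [ -n "$1" ] || return 2
    [ "$1" = "$FIXED" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED" | sort -V | head -n 1)
    [ "$lowest" = "$1" ]
}

# Print a one-line verdict for a banner. An unparsable banner is
# reported as UNKNOWN rather than silently treated as patched.
check_banner() {
    v=$(clamav_version "$1")
    rc=0
    is_vulnerable "$v" || rc=$?
    case $rc in
        0) echo "VULNERABLE $v" ;;
        1) echo "OK $v" ;;
        *) echo "UNKNOWN" ;;
    esac
}

# Constructed sample banners (the build numbers and dates are made up).
check_banner "ClamAV 0.98.6/20394/Mon Apr 27 12:00:00 2015"
check_banner "ClamAV 0.98.7/21000/Wed Dec 30 09:00:00 2015"

# On a host with ClamAV installed, check the real binary as well.
if command -v clamscan >/dev/null 2>&1; then
    check_banner "$(clamscan --version)"
fi
```

The check reads only the upstream version string; Gentoo revision suffixes on the installed package are outside what it parses.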