ALAS-2014-457


Amazon Linux AMI Security Advisory: ALAS-2014-457
Advisory Release Date: 2014-12-08 13:16 Pacific
Severity: Low
References: CVE-2013-6497 

Issue Overview:

clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file.


Affected Packages:

clamav


Issue Correction:
Run yum update clamav to update your system.

New Packages:
i686:
    clamav-server-0.98.5-1.10.amzn1.i686
    clamav-milter-0.98.5-1.10.amzn1.i686
    clamd-0.98.5-1.10.amzn1.i686
    clamav-update-0.98.5-1.10.amzn1.i686
    clamav-0.98.5-1.10.amzn1.i686
    clamav-db-0.98.5-1.10.amzn1.i686
    clamav-debuginfo-0.98.5-1.10.amzn1.i686
    clamav-lib-0.98.5-1.10.amzn1.i686
    clamav-devel-0.98.5-1.10.amzn1.i686

noarch:
    clamav-data-empty-0.98.5-1.10.amzn1.noarch
    clamav-scanner-sysvinit-0.98.5-1.10.amzn1.noarch
    clamav-data-0.98.5-1.10.amzn1.noarch
    clamav-scanner-0.98.5-1.10.amzn1.noarch
    clamav-filesystem-0.98.5-1.10.amzn1.noarch
    clamav-server-sysvinit-0.98.5-1.10.amzn1.noarch
    clamav-milter-sysvinit-0.98.5-1.10.amzn1.noarch

src:
    clamav-0.98.5-1.10.amzn1.src

x86_64:
    clamd-0.98.5-1.10.amzn1.x86_64
    clamav-server-0.98.5-1.10.amzn1.x86_64
    clamav-0.98.5-1.10.amzn1.x86_64
    clamav-update-0.98.5-1.10.amzn1.x86_64
    clamav-lib-0.98.5-1.10.amzn1.x86_64
    clamav-devel-0.98.5-1.10.amzn1.x86_64
    clamav-debuginfo-0.98.5-1.10.amzn1.x86_64
    clamav-db-0.98.5-1.10.amzn1.x86_64
    clamav-milter-0.98.5-1.10.amzn1.x86_64