ALAS-2015-537


Amazon Linux 1 Security Advisory: ALAS-2015-537
Advisory Release Date: 2015-06-02 22:23 Pacific
Advisory Updated Date: 2015-06-02 22:36 Pacific
Severity: Medium

Issue Overview:

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file. (CVE-2015-2221)

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file. (CVE-2015-2668)

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file. (CVE-2015-2222)

The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file. (CVE-2015-2170)


Affected Packages:

clamav


Issue Correction:
Run yum update clamav to update your system.

New Packages:
i686:
    clamd-0.98.7-1.12.amzn1.i686
    clamav-db-0.98.7-1.12.amzn1.i686
    clamav-debuginfo-0.98.7-1.12.amzn1.i686
    clamav-0.98.7-1.12.amzn1.i686
    clamav-lib-0.98.7-1.12.amzn1.i686
    clamav-server-0.98.7-1.12.amzn1.i686
    clamav-devel-0.98.7-1.12.amzn1.i686
    clamav-update-0.98.7-1.12.amzn1.i686
    clamav-milter-0.98.7-1.12.amzn1.i686

noarch:
    clamav-filesystem-0.98.7-1.12.amzn1.noarch
    clamav-server-sysvinit-0.98.7-1.12.amzn1.noarch
    clamav-scanner-0.98.7-1.12.amzn1.noarch
    clamav-milter-sysvinit-0.98.7-1.12.amzn1.noarch
    clamav-data-empty-0.98.7-1.12.amzn1.noarch
    clamav-data-0.98.7-1.12.amzn1.noarch
    clamav-scanner-sysvinit-0.98.7-1.12.amzn1.noarch

src:
    clamav-0.98.7-1.12.amzn1.src

x86_64:
    clamav-0.98.7-1.12.amzn1.x86_64
    clamav-update-0.98.7-1.12.amzn1.x86_64
    clamd-0.98.7-1.12.amzn1.x86_64
    clamav-server-0.98.7-1.12.amzn1.x86_64
    clamav-milter-0.98.7-1.12.amzn1.x86_64
    clamav-db-0.98.7-1.12.amzn1.x86_64
    clamav-debuginfo-0.98.7-1.12.amzn1.x86_64
    clamav-lib-0.98.7-1.12.amzn1.x86_64
    clamav-devel-0.98.7-1.12.amzn1.x86_64