Arch Linux Security Advisory ASA-201502-6
=========================================

Severity: Critical
Date    : 2015-02-06
CVE-ID  : CVE-2014-9328
Package : clamav
Type    : arbitrary code execution
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package clamav before version 0.98.6-1 is vulnerable to arbitrary
code execution.

Resolution
==========

Upgrade to 0.98.6-1.

# pacman -Syu "clamav>=0.98.6-1"

The problems have been fixed upstream in version 0.98.6.

Workaround
==========

None.

Description
===========

Sebastian Andrzej Siewior discovered that ClamAV incorrectly handled
certain upack packer files. An attacker could possibly use this issue to
cause ClamAV to crash, resulting in a denial of service, or possibly
execute arbitrary code.

Impact
======

A remote attacker is able to craft special upack packer files leading to
denial of service or possibly arbitrary code execution.

References
==========

http://lists.clamav.net/pipermail/clamav-announce/2015/000010.html
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9328