[arch-security] [ASA-201502-6] clamav: arbitrary code execution
anthraxx at archlinux.org
Fri Feb 6 12:32:32 UTC 2015
Arch Linux Security Advisory ASA-201502-6
Date : 2015-02-06
CVE-ID : CVE-2014-9328
Package : clamav
Type : arbitrary code execution
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
The package clamav before version 0.98.6-1 is vulnerable to arbitrary
Upgrade to 0.98.6-1.
# pacman -Syu "clamav>=0.98.6-1"
The problems have been fixed upstream in version 0.98.6.
Sebastian Andrzej Siewior discovered that ClamAV incorrectly handled
certain upack packer files. An attacker could possibly use this issue to
cause ClamAV to crash, resulting in a denial of service, or possibly
execute arbitrary code.
A remote attacker is able to craft special upack packer files leading to
denial of service or possibly arbitrary code execution.
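
As an added example (not part of the original advisory), this shell script checks a clamav package version against the fixed release 0.98.6-1 stated above, for auditing hosts that may not have been upgraded yet. The function names are hypothetical. `vercmp` is the comparison tool shipped with pacman, and the `sort -V` fallback is an approximation that assumes neither version carries an epoch prefix.

```shell
#!/bin/sh
# Added example: report whether a clamav package version predates the
# fixed release named in ASA-201502-6.
FIXED_VERSION="0.98.6-1"   # fixed version taken from the advisory

# version_lt A B: succeed when version A sorts strictly before B.
# Uses pacman's vercmp when present; otherwise falls back to `sort -V`,
# an approximation (assumption: no epoch prefix in either version).
version_lt() {
    [ "$1" = "$2" ] && return 1
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -lt 0 ]
    else
        lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
        [ "$lowest" = "$1" ]
    fi
}

# clamav_status VERSION: print "vulnerable", "patched" or "not-installed".
clamav_status() {
    if [ -z "$1" ]; then
        echo "not-installed"
    elif version_lt "$1" "$FIXED_VERSION"; then
        echo "vulnerable"
    else
        echo "patched"
    fi
}

# installed_clamav_version: version from the local pacman database,
# empty when pacman or the package is absent.
installed_clamav_version() {
    command -v pacman >/dev/null 2>&1 || return 0
    pacman -Q clamav 2>/dev/null | awk '{print $2}'
}

# Constructed sample versions first, then the host the script runs on.
for v in 0.98.5-2 0.98.6-1 0.99-1; do
    printf '%-10s %s\n' "$v" "$(clamav_status "$v")"
done
printf '%-10s %s\n' "this host" "$(clamav_status "$(installed_clamav_version)")"
```

A "vulnerable" result means the upgrade command given in the advisory still needs to be run on that host.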