Executive Summary

Informations
Name MDVSA-2015:166 First vendor Publication 2015-03-29
Vendor Mandriva Last vendor Modification 2015-03-29
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Updated clamav packages fix security vulnerabilities:

ClamAV 0.98.6 is a maintenance release to fix some bugs, some of them being security bugs:

Certain javascript files causes ClamAV to segfault when scanned with the -a (list archived files) (CVE-2013-6497).

A heap buffer overflow was reported in ClamAV when scanning a specially crafted y0da Crypter obfuscated PE file (CVE-2014-9050).

Fix a heap out of bounds condition with crafted Yoda's crypter files. This issue was discovered by Felix Groebert of the Google Security Team.

Fix a heap out of bounds condition with crafted mew packer files. This issue was discovered by Felix Groebert of the Google Security Team.

Fix a heap out of bounds condition with crafted upx packer files. This issue was discovered by Kevin Szkudlapski of Quarkslab.

Fix a heap out of bounds condition with crafted upack packer files. This issue was discovered by Sebastian Andrzej Siewior (CVE-2014-9328).

Compensate a crash due to incorrect compiler optimization when handling crafted petite packer files. This issue was discovered by Sebastian Andrzej Siewior.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2015:166

CWE : Common Weakness Enumeration

% Id Name
67 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
33 % CWE-17 Code

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:28489
 
Oval ID: oval:org.mitre.oval:def:28489
Title: USN-2423-1 -- ClamAV vulnerabilities
Description: Kurt Seifried discovered that ClamAV incorrectly handled certain JavaScript files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-6497">CVE-2013-6497</a>) Damien Millescamp discovered that ClamAV incorrectly handled certain PE files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-9050">CVE-2014-9050</a>)
Family: unix Class: patch
Reference(s): USN-2423-1
CVE-2013-6497
CVE-2014-9050
Version: 5
Platform(s): Ubuntu 14.10
Ubuntu 14.04
Ubuntu 12.04
Product(s): clamav
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28679
 
Oval ID: oval:org.mitre.oval:def:28679
Title: SUSE-SU-2014:1574-1 -- Security update for clamav (important)
Description: clamav was updated to version 0.98.5 to fix three security issues and several non-security issues. These security issues have been fixed: * Crash when scanning maliciously crafted yoda's crypter files (CVE-2013-6497). * Heap-based buffer overflow when scanning crypted PE files (CVE-2014-9050). * Crash when using 'clamscan -a'. These non-security issues have been fixed: * Support for the XDP file format and extracting, decoding, and scanning PDF files within XDP files. * Addition of shared library support for LLVM versions 3.1 - 3.5 for the purpose of just-in-time(JIT) compilation of ClamAV bytecode signatures. * Enhancements to the clambc command line utility to assist ClamAV bytecode signature authors by providing introspection into compiled bytecode programs. * Resolution of many of the warning messages from ClamAV compilation. * Improved detection of malicious PE files. * ClamAV 0.98.5 now works with OpenSSL in FIPS compliant mode (bnc#904207). * Fix server socket setup code in clamd (bnc#903489). * Change updateclamconf to prefer the state of the old config file even for commented-out options (bnc#903719). * Fix infinite loop in clamdscan when clamd is not running. * Fix buffer underruns when handling multi-part MIME email attachments. * Fix configuration of OpenSSL on various platforms. * Fix linking issues with libclamunrar. Security Issues: * CVE-2013-6497 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6497> * CVE-2014-9050 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9050>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1574-1
CVE-2013-6497
CVE-2014-9050
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Desktop 11
Product(s): clamav
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 140
Os 2
Os 1

Nessus® Vulnerability Scanner

Date Description
2016-01-04 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201512-08.nasl - Type : ACT_GATHER_INFO
2015-05-29 Name : The remote Debian host is missing a security update.
File : debian_DLA-233.nasl - Type : ACT_GATHER_INFO
2015-03-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-166.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-95.nasl - Type : ACT_GATHER_INFO
2015-03-09 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-486.nasl - Type : ACT_GATHER_INFO
2015-02-17 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_clamav-150206.nasl - Type : ACT_GATHER_INFO
2015-02-16 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2015-147.nasl - Type : ACT_GATHER_INFO
2015-02-13 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2488-2.nasl - Type : ACT_GATHER_INFO
2015-02-11 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-042.nasl - Type : ACT_GATHER_INFO
2015-02-03 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2488-1.nasl - Type : ACT_GATHER_INFO
2015-02-03 Name : The antivirus service running on the remote host is affected by multiple vuln...
File : clamav_0_98_6.nasl - Type : ACT_GATHER_INFO
2015-02-02 Name : The remote Fedora host is missing a security update.
File : fedora_2015-1461.nasl - Type : ACT_GATHER_INFO
2015-02-02 Name : The remote Fedora host is missing a security update.
File : fedora_2015-1437.nasl - Type : ACT_GATHER_INFO
2014-12-10 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201412-05.nasl - Type : ACT_GATHER_INFO
2014-12-10 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-457.nasl - Type : ACT_GATHER_INFO
2014-12-07 Name : The remote Fedora host is missing a security update.
File : fedora_2014-15434.nasl - Type : ACT_GATHER_INFO
2014-12-06 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_clamav-141125.nasl - Type : ACT_GATHER_INFO
2014-12-06 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-736.nasl - Type : ACT_GATHER_INFO
2014-11-28 Name : The remote Fedora host is missing a security update.
File : fedora_2014-15463.nasl - Type : ACT_GATHER_INFO
2014-11-27 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2423-1.nasl - Type : ACT_GATHER_INFO
2014-11-24 Name : The remote Fedora host is missing a security update.
File : fedora_2014-15473.nasl - Type : ACT_GATHER_INFO
2014-11-21 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-217.nasl - Type : ACT_GATHER_INFO
2014-11-21 Name : The antivirus service running on the remote host is affected by multiple deni...
File : clamav_0_98_5.nasl - Type : ACT_GATHER_INFO
2014-10-15 Name : The remote Solaris system is missing a security patch from CPU oct2014.
File : solaris_oct2014_11_2SRU0.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2015-03-31 13:29:48
  • Multiple Updates
2015-03-29 21:25:05
  • First insertion