oss-sec mailing list archives

Fwd: ClamAV® blog: ClamAV 0.98.6 has been released!


From: Alexander Cherepanov <ch3root () openwall com>
Date: Thu, 29 Jan 2015 22:21:58 +0300

Hi!

FYI:

ClamAV 0.98.6 release notes list several issues which look like security fixes but only one CVE is mentioned.

ChangeLog lists bugzilla numbers but the bugs are not yet public.

Relevant commits are not yet in the GitHub repo but the diff between the 0.98.6 branch and the released tarball is quite small and seems to contain almost only relevant fixes.

Alexander Cherepanov

-------- Forwarded Message --------
Subject: ClamAV® blog: ClamAV 0.98.6 has been released!
Date: Tue, 27 Jan 2015 23:24:43 +0000
From: Joel Esler (jesler) <jesler () cisco com>
To: clamav-announce () lists clamav net <clamav-announce () lists clamav net>, ClamAV users ML <clamav-users () lists clamav net>, clamav-dev(mailer list) <clamav-dev () cisco com>


http://blog.clamav.net/2015/01/clamav-0986-has-been-released.html

ClamAV 0.98.6 is a bug fix release correcting the following:


  *   library shared object revisions.
  *   installation issues on some Mac OS X and FreeBSD platforms.
  *   includes a patch from Sebastian Andrzej Siewior making ClamAV pid files compatible with systemd.
  *   Fix a heap out of bounds condition with crafted Yoda's crypter files. This issue was discovered by Felix Groebert of the Google Security Team.
  *   Fix a heap out of bounds condition with crafted mew packer files. This issue was discovered by Felix Groebert of the Google Security Team.
  *   Fix a heap out of bounds condition with crafted upx packer files. This issue was discovered by Kevin Szkudlapski of Quarkslab.
  *   Fix a heap out of bounds condition with crafted upack packer files. This issue was discovered by Sebastian Andrzej Siewior. CVE-2014-9328.
  *   Compensate a crash due to incorrect compiler optimization when handling crafted petite packer files. This issue was discovered by Sebastian Andrzej Siewior.

Thanks to the following ClamAV community members for code submissions
and bug reporting included in ClamAV 0.98.6:

Sebastian Andrzej Siewior
Felix Groebert
Kevin Szkudlapski
Mark Pizzolato
Daniel J. Luke

Please download the latest release of ClamAV, 0.98.6, from our download page <http://www.clamav.net/download.html>.

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos

