ClamAV: Multiple vulnerabilities — GLSA 201405-08

Multiple vulnerabilities have been found in ClamAV, the worst of which could lead to arbitrary code execution.

Affected Packages

app-antivirus/clamav on all architectures
Affected versions < 0.98
Unaffected versions >= 0.98

Background

Clam AntiVirus (ClamAV) is an anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways.

Description

Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could send a specially crafted file, leading to arbitrary code execution or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All ClamAV users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.98"
 

References

Release Date
May 16, 2014

Latest Revision
May 16, 2014: 1

Severity
high

Exploitable
remote

Bugzilla entries