[Pkg-clamav-devel] Bug#770985: Bug#770985: Bug#770985: clamav: heap buffer overflow when scanning a specially crafted y0da Crypter obfuscated PE file
Scott Kitterman
debian at kitterman.com
Tue Nov 25 21:30:43 UTC 2014
On Tuesday, November 25, 2014 10:18:21 PM Sebastian Andrzej Siewior wrote:
> On Tue, Nov 25, 2014 at 07:07:30PM +0100, Ralf Hildebrandt wrote:
> > Version: 0.98.1+dfsg-1+deb6u3
> >
> > A heap buffer overflow was reported in [1] in ClamAV when scanning a
> > specially crafted y0da Crypter obfuscated PE file.
> > Note that this is remotely exploitable when ClamAV is used as a mail
> > gateway scanner.
>
> we are aware of the situtation, a stable upload is already waiting. Please
> note that there won't be an update for Squeeze unless the LTS team does so.
I did add clamav to the list of packages needing an update for the LTS (and
libclamunrar too), so the LTS team is aware of it.
Scott K
More information about the Pkg-clamav-devel
mailing list