Univention Bugzilla – Bug 38425
Update clamav to 0.98.7 (4.0)
Last modified: 2015-07-16 14:23:12 CEST
clamav 0.98.7+dfsg-1 fixes these security issues:
* Crash in upx decoder with crafted file (CVE-2015-2170)
* Infinite loop condition on crafted y0da cryptor file (CVE-2015-2221)
* Crash on crafted petite packed file (CVE-2015-2222)
* Infinite loop condition on a crafted "xz" archive file (CVE-2015-2668)
* Heap overflow vulnerability in regcomp.c (CVE-2015-2305)
Quoting Bug #36965: The clamav version in 4.0 uses the system copy of LLVM, but the ClamAV tarball also includes a local copy, so the dependencies must be adapted not to build-depend on libllvm.
$ repo_admin.py -U -p clamav -d wheezy-updates -r 4.0-0-0 -s errata4.0-2
r14805 | Bug #38629: ClamAV 0.98.7 for UCS-4.0
r14807 | Bug #38629: ClamAV 0.98.7 for UCS-4.0
OK: apt-get install clamav
OK: clamscan test/clam*
r61113 | Bug #38425: ClamAV 0.98.7 for UCS-4.0-2 YAML
(In reply to Arvid Requate from comment #1)
> Quoting Bug #36965: The clamav version in 4.0 uses the system copy of LLVM,
> but the ClamAV tarball also includes a local copy, so the dependencies must
> be adapted not to build-depend on libllvm.
I think this is bogus, as UCS-4.0 contains LLVM already and was already used for building 0.98.6. Only for previous UCS versions << 4.0 the internal version is required, as they don't have a new enough LLVM.
Tests Update: OK
Tests Installation: OK