Univention Bugzilla – Bug 38425
Update clamav to 0.98.7 (4.0)
Last modified: 2015-07-16 14:23:12 CEST
clamav 0.98.7+dfsg-1 fixes these security issues:
* Crash in upx decoder with crafted file (CVE-2015-2170)
* Infinite loop condition on crafted y0da cryptor file (CVE-2015-2221)
* Crash on crafted petite packed file (CVE-2015-2222)
* Infinite loop condition on a crafted "xz" archive file (CVE-2015-2668)
* Heap overflow vulnerability in regcomp.c (CVE-2015-2305)
Quoting Bug #36965: The clamav version in 4.0 uses the system copy of LLVM, but the ClamAV tarball also includes a local copy, so the dependencies must be adapted not to build-depend on libllvm.
$ repo_admin.py -U -p clamav -d wheezy-updates -r 4.0-0-0 -s errata4.0-2

r14805 | Bug #38629: ClamAV 0.98.7 for UCS-4.0
r14807 | Bug #38629: ClamAV 0.98.7 for UCS-4.0

Package: clamav
Version: 0.98.7+dfsg-0.154.201506081449
Branch: ucs_4.0-0
Scope: errata4.0-2

OK: apt-get install clamav
OK: clamscan test/clam*

r61113 | Bug #38425: ClamAV 0.98.7 for UCS-4.0-2 YAML
 2015-06-08-clamav.yaml

(In reply to Arvid Requate from comment #1)
> Quoting Bug #36965: The clamav version in 4.0 uses the system copy of LLVM,
> but the ClamAV tarball also includes a local copy, so the dependencies must
> be adapted not to build-depend on libllvm.

I think this is bogus, as UCS-4.0 contains LLVM already and was already used for building 0.98.6. Only for previous UCS versions << 4.0 the internal version is required, as they don't have a new enough LLVM.
Tests Update: OK
Tests Installation: OK
Advisory: OK
<http://errata.univention.de/ucs/4.0/241.html>