Bug 38428

Summary: clamav: Multiple security issues (ES 3.1)
Product: UCS Reporter: Arvid Requate <requate>
Component: Security updatesAssignee: Arvid Requate <requate>
Status: CLOSED DUPLICATE QA Contact: Janek Walkenhorst <walkenhorst>
Severity: normal    
Priority: P5 Flags: requate: Patch_Available+
Version: UCS 3.1   
Target Milestone: UCS 3.1-ES   
Hardware: Other   
OS: Linux   
What kind of report is it?: --- What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional): Security
Max CVSS v3 score:

Description Arvid Requate univentionstaff 2015-05-04 12:58:50 CEST 
+++ This bug was initially created as a clone of Bug #38425 +++

clamav 0.98.7+dfsg-1 fixes these security issues:

* Crash in upx decoder with crafted file (CVE-2015-2170)
* Infinite loop condition on crafted y0da cryptor file (CVE-2015-2221)
* Crash on crafted petite packed file (CVE-2015-2222)
* Infinite loop condition on a crafted "xz" archive file (CVE-2015-2668)
* Heap overflow vulnerability in regcomp.c (CVE-2015-2305)
Comment 1 Arvid Requate univentionstaff 2015-06-01 12:06:34 CEST 

*** This bug has been marked as a duplicate of bug 38629 ***