4
ClamAV 0.98.6 is a bug fix release correcting the following:
6
- library shared object revisions.
7
- installation issues on some Mac OS X and FreeBSD platforms.
8
- includes a patch from Sebastian Andrzej Siewior making
9
ClamAV pid files compatible with systemd.
10
- Fix a heap out of bounds condition with crafted Yoda's
11
crypter files. This issue was discovered by Felix Groebert
12
of the Google Security Team.
13
- Fix a heap out of bounds condition with crafted mew packer
14
files. This issue was discovered by Felix Groebert of the
16
- Fix a heap out of bounds condition with crafted upx packer
17
files. This issue was discovered by Kevin Szkudlapski of
19
- Fix a heap out of bounds condition with crafted upack packer
20
files. This issue was discovered by Sebastian Andrzej Siewior.
22
- Compensate a crash due to incorrect compiler optimization when
23
handling crafted petite packer files. This issue was discovered
24
by Sebastian Andrzej Siewior.
26
Thanks to the following ClamAV community members for code submissions
27
and bug reporting included in ClamAV 0.98.6:
4
ClamAV 0.98.7 is here! This release contains new scanning features
7
- Improvements to PDF processing: decryption, escape sequence
8
handling, and file property collection.
9
- Scanning/analysis of additional Microsoft Office 2003 XML format.
10
- Fix infinite loop condition on crafted y0da cryptor file. Identified
11
and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221.
12
- Fix crash on crafted petite packed file. Reported and patch
13
supplied by Sebastian Andrzej Siewior. CVE-2015-2222.
14
- Fix false negatives on files within iso9660 containers. This issue
15
was reported by Minzhuan Gong.
16
- Fix a couple crashes on crafted upack packed file. Identified and
17
patches supplied by Sebastian Andrzej Siewior.
18
- Fix a crash during algorithmic detection on crafted PE file.
19
Identified and patch supplied by Sebastian Andrzej Siewior.
20
- Fix an infinite loop condition on a crafted "xz" archive file.
21
This was reported by Dimitri Kirchner and Goulven Guiheux.
23
- Fix compilation error after ./configure --disable-pthreads.
24
Reported and fix suggested by John E. Krokes.
25
- Apply upstream patch for possible heap overflow in Henry Spencer's
26
regex library. CVE-2015-2305.
27
- Fix crash in upx decoder with crafted file. Discovered and patch
28
supplied by Sebastian Andrzej Siewior. CVE-2015-2170.
29
- Fix segfault scanning certain HTML files. Reported with sample by
31
- Improve detections within xar/pkg files.
33
As always, we appreciate contributions of bug reports, code fixes,
34
and sample submission from the ClamAV community members:
29
36
Sebastian Andrzej Siewior
36
45
The ClamAV team (http://www.clamav.net/about.html#credits)