Cross-References: CVE-2013-6497 CVE-2014-9050 Affected Products: SUSE Linux Enterprise Server 11 SP2 LTSS SUSE Linux Enterprise Server 11 SP1 LTSS ______________________________________________________________________________
An update that solves two vulnerabilities and has four fixes is now available. It includes one version update.
clamav was updated to version 0.98.5 to fix five security issues:
* Crash when scanning maliciously crafted yoda's crypter files (CVE-2013-6497). * Heap-based buffer overflow when scanning crypted PE files (CVE-2014-9050). * Fix heap corruption (CVE-2013-2020). * Fix overflow due to PDF key length computation (CVE-2013-2021). * Crash when using 'clamscan -a'.
Several non-security issues have also been fixed, please refer to the package's change log for details.