Upstream clamav version 0.95.1 seems to fix two bugs that may cause clamscan / clamd to crash when scanning certain inputs: Crash when scanning a malformed file packed with UPack Upstream bug: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1552 cli_url_canon buffer overflow (this only seems to affect 0.95.x) Upstream bug: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1553 Both fixed upstream in: svn diff -c 5032 http://svn.clamav.net/svn/clamav-devel/
Package: clamav-0.95.1-1.fc11 Tag: dist-f11 Status: complete Built by: robert 1963 (clamav): Build on target fedora-5-epel succeeded. 1965 (clamav): Build on target fedora-4-epel succeeded.
CVE-2009-1371: The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) via a malformed file with UPack encoding. CVE-2009-1372 Stack-based buffer overflow in the cli_url_canon function in libclamav/phishcheck.c in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted URL.
*** Bug 522157 has been marked as a duplicate of this bug. ***