Wednesday, October 2, 2019

[USN-4146-1] ClamAV vulnerabilities

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl2UkSYACgkQZWnYVadE
vpN/WxAAsEXTRjwh5TEjiiQP5BuuszKCzHgLBFRjeOWLzBL2VUt3ZPGQoTMwOhDj
KrF3b/AAkkEVnkJ1U6yv8fUgrE5jVv2lXrbHmVAFqIrtQ2cDYOFePfRNg4hgN4C1
ZtY1Zt5F8oTVBqa94/KYoJtnG86zAQg22hiizqzwwicgt+aigeZuhsZ0duW3v16K
Er4P0edB94s7BXTuTh8h+QUJ49lgnmDEhndsszysfLnWU0VG+4yl4ZSoTLK+dCyS
9WoElbgswAkiSIEiiyLYyIPwc69TXXZ8l3VLkWnVVoaJzsNUGtfNyX7h0QXTC9+N
PmWvn3k0xM5bloJxkKfO8DU+w5n1deCYBTuKQNTvEe2jC1rFD3L3bs4B5MuJVn3Y
C8LhCqkdv8W4A03TB9i/OGuzD8lv7gleIDNDhNX97chxqCsTM47SujhGtD4QzmRU
vkiMhSF2XzmhEjt3oZN6EZcSOfTb7is6cy2RcvnIyqmY/4XQd/wMO4vuVh+LZsQZ
dd29a8eg1X0teleD/E1FOTBWSd1S7A/s3s/+01mWPsCPE+fHudsgYmoFJTn7nGe1
T1t2+Xmal/qWj1O5hLwCjaoUtK9xru04fKaJ3Rdk8Tff2rjmLT0XlQroi1BY0TX1
N7QvJOU3QUaHFJu1wGLJDHi9+DWD0ZhlHLUDdza7AXETtkU8X+s=
=8Y6i
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-4146-1
October 02, 2019

clamav vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in ClamAV.

Software Description:
- clamav: Anti-virus utility for Unix

Details:

It was discovered that ClamAV incorrectly handled unpacking ZIP files. A
remote attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service. (CVE-2019-12625)

It was discovered that ClamAV incorrectly handled unpacking bzip2 files. A
remote attacker could use this issue to cause ClamAV to crash, resulting in
a denial of service, or possibly execute arbitrary code. (CVE-2019-12900)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
clamav 0.101.4+dfsg-0ubuntu0.19.04.1

Ubuntu 18.04 LTS:
clamav 0.101.4+dfsg-0ubuntu0.18.04.1

Ubuntu 16.04 LTS:
clamav 0.101.4+dfsg-0ubuntu0.16.04.1

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References:
https://usn.ubuntu.com/4146-1
CVE-2019-12625, CVE-2019-12900

Package Information:
https://launchpad.net/ubuntu/+source/clamav/0.101.4+dfsg-0ubuntu0.19.04.1
https://launchpad.net/ubuntu/+source/clamav/0.101.4+dfsg-0ubuntu0.18.04.1
https://launchpad.net/ubuntu/+source/clamav/0.101.4+dfsg-0ubuntu0.16.04.1

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)