Monday, January 27, 2025

[USN-7229-1] ClamAV vulnerability

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmeXx34FAwAAAAAACgkQZWnYVadEvpM6
Ag/9HReWvkGZNRz2tBLGRure1AsyAAsGqtNySQHZAatuLWaJII9mPSZ3wVLjtZUJqNsvYPiDH13E
ijg84BPIeyF+6aNXO3JRo6KEMKi2cbcZfdOrTHaCL8ORvy4xYn27xX2+7JaLnR+ecFqLdWMUQhXL
oXG08NkjubnVWLDtMhuLI5QjEFm0ssxAROQ8ovAQ2FSagLojw0dipiH8UDJmyM8Wu+wqdOoz5EWy
Yd3kbp10O2tdaaq5cwhN4X6YKyUpWKaYBV71cCSjDenGXZslMngSld2vpbj3JYj7TbZZ/9d0syPt
T8WTMrfZufReae4ao+QtsxWBtWOwPZa1ulFynPNUckTbWunonC/gBqlQttPZ5AE50TkissUmaFPw
tw9j1CtqK1HFHsd5LXj7IKO08QbaEwFWigcYL3UX5OzIhWyXSOvryZak0Ae1SbzaYraCqhNwWxUg
MQLOEKQaMfoVwCt+tUCRMBosY/I+jFd8BXfMOidDh5osLaMKTMvTCla/+Iggo0P8KIMqajARt+sA
txfsjmAmWbltY0gyoMZZ5qWd0681R8izoyRfDlDdOu8RLvlfw/aLQMQdK/qOZpEQI/RqTeUwlg/l
X8cWn+R3pIo5nBHONI8Qnmuiwn8Bz8UTar6glG6QbFLk8MR89NFDGs0smhRti5WJt2P52Z1vVYNi
5pQ=
=kSGL
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7229-1
January 27, 2025

clamav vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS

Summary:

ClamAV could be made to crash if it opened a specially crafted file.

Software Description:
- clamav: Anti-virus utility for Unix

Details:

It was discovered that ClamAV incorrectly handled decrypting OLE2 content.
A remote attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
clamav 1.4.2+dfsg-0ubuntu0.24.10.1

Ubuntu 24.04 LTS
clamav 1.0.8+dfsg-0ubuntu0.24.04.1

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References:
https://ubuntu.com/security/notices/USN-7229-1
CVE-2025-20128

Package Information:
https://launchpad.net/ubuntu/+source/clamav/1.4.2+dfsg-0ubuntu0.24.10.1
https://launchpad.net/ubuntu/+source/clamav/1.0.8+dfsg-0ubuntu0.24.04.1

No comments:

Post a Comment