drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in ClamAV
Name: |
Zwei Probleme in ClamAV |
|
ID: |
USN-1816-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 10.04 LTS, Ubuntu 11.10, Ubuntu 12.04 LTS, Ubuntu 12.10, Ubuntu 13.04 |
|
Datum: |
Fr, 3. Mai 2013, 20:01 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2020
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2021 |
|
Applikationen: |
Clam Antivirus |
|
Originalnachricht |
--===============8764342061743835125== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="FL5UXtIhxfXey3p5" Content-Disposition: inline
--FL5UXtIhxfXey3p5 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-1816-1 May 03, 2013
clamav vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.04 - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 10.04 LTS
Summary:
ClamAV could be made to crash or run programs if it opened a specially crafted file.
Software Description: - clamav: Anti-virus utility for Unix
Details:
It was discovered that ClamAV would incorrectly parse a UPX-packed executable, leading to possible inappropriate heap reads. An attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-2020)
It was discovered that ClamAV would incorrectly parse a PDF document, potentially writing beyond the size of a static array. An attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-2021)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 13.04: clamav 0.97.8+dfsg-1ubuntu1.13.04.1
Ubuntu 12.10: clamav 0.97.8+dfsg-1ubuntu1.12.10.1
Ubuntu 12.04 LTS: clamav 0.97.8+dfsg-1ubuntu1.12.04.1
Ubuntu 11.10: clamav 0.97.8+dfsg-1ubuntu1.11.10.1
Ubuntu 10.04 LTS: clamav 0.97.8+dfsg-1ubuntu1.10.04.1
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart ClamAV to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1816-1 CVE-2013-2020, CVE-2013-2021
Package Information: https://launchpad.net/ubuntu/+source/clamav/0.97.8+dfsg-1ubuntu1.13.04.1 https://launchpad.net/ubuntu/+source/clamav/0.97.8+dfsg-1ubuntu1.12.10.1 https://launchpad.net/ubuntu/+source/clamav/0.97.8+dfsg-1ubuntu1.12.04.1 https://launchpad.net/ubuntu/+source/clamav/0.97.8+dfsg-1ubuntu1.11.10.1 https://launchpad.net/ubuntu/+source/clamav/0.97.8+dfsg-1ubuntu1.10.04.1
--FL5UXtIhxfXey3p5 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAEBAgAGBQJRg/CwAAoJEPMhclmdjS6X9LMH/Re1r9lMuSWTBReqDf2lrrWE Yjg29uxUrXRQdVHYQhqMt1ARvbw3GlKBTsaRIj36KhjlxnJ+CwpY1E/aJGiXlqzl 5jWx/fQyDA1zBeCaBfXIPkayCowKrT3gpzOsGAtkB9+8JeizmSmtin9g1Weqfzqs LJHlwDRqfJWDrbEul6iMubKza3uPCz07BKLt9iwULUx+qy3NduEQAD79SEY8N74O aX5sz+cX+mSnqykJ6VWw1x0gEWF+qy8NcS6ns+oYC/P+nuyL2NTAJjRSKeYHNhTE gNxtIqKQKyvmhloKJgNiFI5BgQ1+01MA4hV8qqLMfzO3SEe+wSG8pG3TfSQYAvA= =rgmL -----END PGP SIGNATURE-----
--FL5UXtIhxfXey3p5--
--===============8764342061743835125== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============8764342061743835125==--
|
|
|
|