drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in ClamAV
Name: |
Zwei Probleme in ClamAV |
|
ID: |
USN-2423-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 14.10 |
|
Datum: |
Do, 27. November 2014, 07:55 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9050 |
|
Applikationen: |
Clam Antivirus |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============4018207704092059517== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="J3kQRLh7Xefl0NvUVvpOfRsvcCsNBu7pv"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --J3kQRLh7Xefl0NvUVvpOfRsvcCsNBu7pv Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-2423-1 November 26, 2014
clamav vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS
Summary:
ClamAV could be made to crash or run programs if it processed a specially crafted file.
Software Description: - clamav: Anti-virus utility for Unix
Details:
Kurt Seifried discovered that ClamAV incorrectly handled certain JavaScript files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-6497)
Damien Millescamp discovered that ClamAV incorrectly handled certain PE files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-9050)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.10: clamav 0.98.5+dfsg-0ubuntu0.14.10.1
Ubuntu 14.04 LTS: clamav 0.98.5+addedllvm-0ubuntu0.14.04.1
Ubuntu 12.04 LTS: clamav 0.98.5+addedllvm-0ubuntu0.12.04.1
This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2423-1 CVE-2013-6497, CVE-2014-9050
Package Information: https://launchpad.net/ubuntu/+source/clamav/0.98.5+dfsg-0ubuntu0.14.10.1 https://launchpad.net/ubuntu/+source/clamav/0.98.5+addedllvm-0ubuntu0.14.04.1 https://launchpad.net/ubuntu/+source/clamav/0.98.5+addedllvm-0ubuntu0.12.04.1
--J3kQRLh7Xefl0NvUVvpOfRsvcCsNBu7pv Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJUdjEgAAoJEGVp2FWnRL6T8wsP/R35RMCsD1GwdLig8KWyD05L c6+V3aZFmXnxYcIUBeTauL6P4/8ZNrvhtvZIO9oqhPWilgHEU7TPrqWCzsbevcW1 D3q5qgpn9h3SQh6JAgqCUaMbv8/oVEUlwssyDurt///FDNpahPheFNF/nuMhsiWU lN9G4jhDVbDDri4MsjJv54gy8jYETKV0SSqwVgElZa2nD+8DeW4jMVMnB+u3YpDB 1Yx/zb16q4KmAuI5HhbIRej/5gajGkF1ZCcyphmqwiaLYLtvVxzpVwy4l+hWZioV k63raIKM66YxPYjqM119tARc8p+5Ce5uDx9/Vl2jNppZamr9Vpbk93OnBgwGDwho SAUb61ronrBQL9e/1Tzjm0eYDialAYyaLZAFUQ72q0zlCSRCYJaQvwDvAe06EWeU b38YlCCnaz6LLhjyardcqrl+491RPHdyEMTPqmKDx24cMEt6eWTwZhWIqCIzKGuo 4XCuMo++BfJwIxDlQs6TUv+kY5FAKY0fuWhXnH1ap9VLUYFXccLM3H3bUT5Zknw9 3bywlEWPMzcxwswhYsRpE+yt/Gxnb/ugVwAmVxBfkJ+g5Se3hQHZZ/C/U3xiwvDp hkU/ipeFnTvmczzm27mOv3iuGRTRKwsKUjGruq00+93GYvAVUoNMbWeXy/8o2w9h D5a9apGQxbzPdIEV4Doe =l2EC -----END PGP SIGNATURE-----
--J3kQRLh7Xefl0NvUVvpOfRsvcCsNBu7pv--
--===============4018207704092059517== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============4018207704092059517==--
|
|
|
|