Sicherheit: Mehrere Probleme in Clam Antivirus (Aktualisierung)

Lesezeichen hinzufügen

--===============0650455665810119860==
Content-Type: multipart/signed; micalg="pgp-sha256";
protocol="application/pgp-signature";
boundary="=-wK40abjyyHuaUoQqVqRu"

--=-wK40abjyyHuaUoQqVqRu
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-3550-2
February 05, 2018

clamav vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in ClamAV.

Software Description:
- clamav: Anti-virus utility for Unix

Details:

USN-3550-1 fixed several vulnerabilities in ClamAV. This update
provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

It was discovered that ClamAV incorrectly handled parsing certain mail
messages. A remote attacker could use this issue to cause ClamAV to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2017-12374, CVE-2017-12375, CVE-2017-12379, CVE-2017-12380)

It was discovered that ClamAV incorrectly handled parsing certain PDF
files. A remote attacker could use this issue to cause ClamAV to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2017-12376)

It was discovered that ClamAV incorrectly handled parsing certain mew
packet files. A remote attacker could use this issue to cause ClamAV
to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2017-12377)

It was discovered that ClamAV incorrectly handled parsing certain TAR
files. A remote attacker could possibly use this issue to cause ClamAV
to crash, resulting in a denial of service. (CVE-2017-12378)

In the default installation, attackers would be isolated by the ClamAV
AppArmor profile.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
clamav 0.99.3+addedllvm-0ubuntu0.12.04.1

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References:
https://www.ubuntu.com/usn/usn-3550-2
https://www.ubuntu.com/usn/usn-3550-1
CVE-2017-12374, CVE-2017-12375, CVE-2017-12376, CVE-2017-12377,
CVE-2017-12378, CVE-2017-12379, CVE-2017-12380

--=-wK40abjyyHuaUoQqVqRu
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAABCAAGBQJaeIZoAAoJEEW851uECx9prdAP/imI1g3ZvMcYF3DbaJahDgr8
WOIKqs/SbHN1d262uikiMQ1QAps1HhmDMg6XwIF8zltpU9S5T+ghe99MPlxStWiZ
9lH2KdM8swPwbIP8UBJPx56ELjRqsJ6GieUWlAZl33t21lq6hzkiQxm97P9MTxwV
zKL86asJPblVwlup4gmcJLmRmnZZJJ9cl3mvAqQffeDlcF/Hvi0bzRq6anzXlI2p
FbhJG9JsW7CvSnhCAvrWsOb79FO91hTTDk7aWZmgBre6rPli8kii06AwAKxVU0hR
fScOB6qxq568B0DPnL0jlldmpxokjUL1H7+1wP0Z/FWQ+SjrhD0ZggpdDiqtn8n4
jC9yF9wxr61g8/LrDl+KKxvXjatwZiACd1v+nx1nVtSEajwWbpjJoVLWWWi570Lf
DJRBSgT4euUqAp41ouoyHlefYbFaYavct4YJE5l47RXwVCtL3uag20jli+s49olH
yVpMOEURHRYzYV3y9ByLRUSF+PIx1DPLWoo/Ofh8Sgn+LgZ+fAXFXccPnqLYHk8T
kZ8zD/wN+NS3UuQ7DHoVUPiJxb2YW3aSKRvOCp9AJmTvSiEKHQG4pQdS/Q/g2+Bd
l9fvUivoNdLjQBZqc3iSvS4dg34eKcrh3i1rVRNzfOGPDHPAqffZGy7Q015ys0cU
krcBACpSBjpsB+R6RaV3
=gNsw
-----END PGP SIGNATURE-----

--=-wK40abjyyHuaUoQqVqRu--

--===============0650455665810119860==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============0650455665810119860==--