Login
Newsletter
Werbung

Sicherheit: Denial of Service in ClamAV
Aktuelle Meldungen Distributionen
Name: Denial of Service in ClamAV
ID: USN-1258-1
Distribution: Ubuntu
Plattformen: Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04, Ubuntu 11.10
Datum: Fr, 11. November 2011, 09:48
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3627
Applikationen: Clam Antivirus

Originalnachricht


--===============1076430337689474683==
Content-Type: multipart/signed; micalg="pgp-sha512";
protocol="application/pgp-signature";
boundary="=-2S880HK/obMW96U4pJK6"


--=-2S880HK/obMW96U4pJK6
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1258-1
November 10, 2011

clamav vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS

Summary:

ClamAV could be made to crash or run programs as your login if it opened a
specially crafted file.

Software Description:
- clamav: Anti-virus utility for Unix

Details:

Stephane Chazelas discovered the bytecode engine of ClamAV improperly
handled recursion under certain circumstances. This could allow a remote
attacker to craft a file that could cause ClamAV to crash, resulting in a
denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
libclamav6 0.97.3+dfsg-1ubuntu0.11.10.1

Ubuntu 11.04:
libclamav6 0.97.3+dfsg-1ubuntu0.11.04.1

Ubuntu 10.10:
libclamav6 0.96.5+dfsg-1ubuntu1.10.10.3

Ubuntu 10.04 LTS:
libclamav6 0.96.5+dfsg-1ubuntu1.10.04.3

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1258-1
CVE-2011-3627

Package Information:
https://launchpad.net/ubuntu/+source/clamav/0.97.3+dfsg-1ubuntu0.11.10.1
https://launchpad.net/ubuntu/+source/clamav/0.97.3+dfsg-1ubuntu0.11.04.1
https://launchpad.net/ubuntu/+source/clamav/0.96.5+dfsg-1ubuntu1.10.10.3
https://launchpad.net/ubuntu/+source/clamav/0.96.5+dfsg-1ubuntu1.10.04.3



--ÒS880HK/obMW96U4pJK6
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAABCgAGBQJOvBwpAAoJEFHb3FjMVZVzeuEQAIAGgjHxiGod7csBjp1YWufJ
4HbRiQye48lGB7hZ9+65cpCtsiqJmoPwbD4FeGXBOYrLhPsZyVUsV2sA665Br7gu
qYA4qLI2GHM54e3+in8uEC8qhIZmqPfAr7E9PRnNqF3B8ALlm0xFhSjuxJOxmP44
gb26WRFr7Be9ll4EbvcSB/YJde9447SHSqH8KFxM6E4g300EIP8HTacXP8Aty7Cr
298iA4GGFteBD3WJYiqXmabonSyZIvdhyC1qzkjYn3O1TWncVnDXQcI1YlFBH3ks
vu/zHGApSiVxp9M8iu9dy9VPXIjcIBKMu8XMJGVfzYe7XOgFvnOA95lJOIulA5KU
3MSeeLOlHXuW6fOEmzt3a5tAP9vJnyDOzK/bqleny1YuI+ZCaUSzR+YKuCu+dMDm
AYMjDdVoSR2rvegXkaxqPTj3+tsjBKATIfcrgMRpwbMkgmlGaOgY04biiwfm6JKp
oNlxBgBI3fPmdnSJMLa5I65hNUeqnftTgsuQOpHmgRHupMnbfqdBfq/uAjSQeM/4
1cY0Ki9x/Xg5G27T0FcfC+DKshbAkaCDeykf7P9eouzGYVT5h8lReSn9ZD3iTsoK
6BH0OqQjjE5owLw+8/xX/SKpR8vcZs9iu491fmYc6PkZd8ebkxzLVEdsQSD66Do7
sYaxlziOr+MWbW/jhzI/
=q9t7
-----END PGP SIGNATURE-----

--=-2S880HK/obMW96U4pJK6--



--===============1076430337689474683==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============1076430337689474683==--
Pro-Linux
Unterstützer werden
Neue Nachrichten
Werbung