drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in ClamAV (Aktualisierung)
Name: |
Zwei Probleme in ClamAV (Aktualisierung) |
|
ID: |
USN-3722-3 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS |
|
Datum: |
Fr, 27. Juli 2018, 00:20 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0361
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0360 |
|
Applikationen: |
Clam Antivirus |
|
Update von: |
Zwei Probleme in ClamAV |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============5668118694917576106== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="B1bP6foSN6kT8HxPdDh2DRut5FUQAirGk"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --B1bP6foSN6kT8HxPdDh2DRut5FUQAirGk Content-Type: multipart/mixed; boundary="nILJd60wkeMsWuPMrr9c3FKm7x5FVRk1l"; protected-headers="v1" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <17581144-72b5-06be-9b32-2602bfb84cb2@canonical.com> Subject: [USN-3722-3] ClamAV regression
--nILJd60wkeMsWuPMrr9c3FKm7x5FVRk1l Content-Type: text/plain; charset=utf-8 Content-Language: en-C Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3722-3 July 26, 2018
clamav regression ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS
Summary:
USN-3722-1 introduced a regression in ClamAV.
Software Description: - clamav: Anti-virus utility for Unix
Details:
USN-3722-1 fixed vulnerabilities in ClamAV. The updated ClamAV version removed some configuration options which caused the daemon to fail to start in environments where the ClamAV configuration file was manually edited. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that ClamAV incorrectly handled parsing certain HWP files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. (CVE-2018-0360) It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. (CVE-2018-0361)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS: clamav 0.100.1+dfsg-1ubuntu0.18.04.2
Ubuntu 16.04 LTS: clamav 0.100.1+dfsg-1ubuntu0.16.04.2
Ubuntu 14.04 LTS: clamav 0.100.1+dfsg-1ubuntu0.14.04.2
In general, a standard system update will make all the necessary changes.
References: https://usn.ubuntu.com/usn/usn-3722-3 https://usn.ubuntu.com/usn/usn-3722-1 https://launchpad.net/bugs/1783632
Package Information: https://launchpad.net/ubuntu/+source/clamav/0.100.1+dfsg-1ubuntu0.18.04.2 https://launchpad.net/ubuntu/+source/clamav/0.100.1+dfsg-1ubuntu0.16.04.2 https://launchpad.net/ubuntu/+source/clamav/0.100.1+dfsg-1ubuntu0.14.04.2
--nILJd60wkeMsWuPMrr9c3FKm7x5FVRk1l--
--B1bP6foSN6kT8HxPdDh2DRut5FUQAirGk Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAltZ+74ACgkQZWnYVadE vpOblQ/5Ab3Z+yekDwYwRQKEDh9zKramG0MGN6bIBSST6MGDBvLfkKGXUHWkcrRK 5V64Boczah8xiicUxG2f+jELIlkox0A0W5+wMIFlPe43XIZCUMypNABJDyUSQJU8 RioPYbRyKoWEeGsd3ztnbTg07aT6QAEVgEGjOSHvNHsB9ETBZEOBC3IKmPOmTgSS yt43FWtX2zcyDdXggcb8X/8M2pMQorDq3r3EwUMgJ3A+WPn6sM/J5JWOWnq2dLvG +OvOM28txD6KnRZSJpNxrxfWX94hKnXwBvr/23yz2VjDWRh2b+nQooUkZ5Zo1xOq tSJ+4AGHabHNUz81+U84aun7xeN5oZ6zBDqrfdCLLwk6B98RAqdDfoKB7/GFO0RZ jIH/7GQdeknTMG7WLHqIv2TPyoGSXYqbEwa9cb3tJPDn8k1k3p2G+L7jQEWqmXSO 5ruRB9SVKShfBkhr0YGxZlQA+gs2l1Yp8MJtIPsFjVZ7fnb8l8rWx7FziPkXsvNh wSIhCKOMUleXi9d23lftWomM9G4RY4U6c23y4BZaD8ix4MLx/a17I8RZqueXTXk3 pI9MgE3+FKwGvf1VI169NkU4sYosKj7nT1bBnGYxgQo2EV140vfhlmxGUnwGUZo6 4JRR+AzVgT7V1BbZOcJtgT+jQ38xZjdrXz1/OYDx3fEUxX08sMc= =F7oh -----END PGP SIGNATURE-----
--B1bP6foSN6kT8HxPdDh2DRut5FUQAirGk--
--===============5668118694917576106== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK
--===============5668118694917576106==--
|
|
|
|