Login
Newsletter
Werbung

Sicherheit: Zwei Probleme in ClamAV (Aktualisierung)
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in ClamAV (Aktualisierung)
ID: USN-3722-3
Distribution: Ubuntu
Plattformen: Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS
Datum: Fr, 27. Juli 2018, 00:20
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0361
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0360
Applikationen: Clam Antivirus
Update von: Zwei Probleme in ClamAV

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============5668118694917576106==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="B1bP6foSN6kT8HxPdDh2DRut5FUQAirGk"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--B1bP6foSN6kT8HxPdDh2DRut5FUQAirGk
Content-Type: multipart/mixed;
boundary="nILJd60wkeMsWuPMrr9c3FKm7x5FVRk1l";
protected-headers="v1"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <17581144-72b5-06be-9b32-2602bfb84cb2@canonical.com>
Subject: [USN-3722-3] ClamAV regression

--nILJd60wkeMsWuPMrr9c3FKm7x5FVRk1l
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-3722-3
July 26, 2018

clamav regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

USN-3722-1 introduced a regression in ClamAV.

Software Description:
- clamav: Anti-virus utility for Unix

Details:

USN-3722-1 fixed vulnerabilities in ClamAV. The updated ClamAV version
removed some configuration options which caused the daemon to fail to start
in environments where the ClamAV configuration file was manually edited.
This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that ClamAV incorrectly handled parsing certain HWP
files. A remote attacker could use this issue to cause ClamAV to hang,
resulting in a denial of service. (CVE-2018-0360)
It was discovered that ClamAV incorrectly handled parsing certain PDF
files. A remote attacker could use this issue to cause ClamAV to hang,
resulting in a denial of service. (CVE-2018-0361)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
clamav 0.100.1+dfsg-1ubuntu0.18.04.2

Ubuntu 16.04 LTS:
clamav 0.100.1+dfsg-1ubuntu0.16.04.2

Ubuntu 14.04 LTS:
clamav 0.100.1+dfsg-1ubuntu0.14.04.2

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3722-3
https://usn.ubuntu.com/usn/usn-3722-1
https://launchpad.net/bugs/1783632

Package Information:
https://launchpad.net/ubuntu/+source/clamav/0.100.1+dfsg-1ubuntu0.18.04.2
https://launchpad.net/ubuntu/+source/clamav/0.100.1+dfsg-1ubuntu0.16.04.2
https://launchpad.net/ubuntu/+source/clamav/0.100.1+dfsg-1ubuntu0.14.04.2


--nILJd60wkeMsWuPMrr9c3FKm7x5FVRk1l--

--B1bP6foSN6kT8HxPdDh2DRut5FUQAirGk
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAltZ+74ACgkQZWnYVadE
vpOblQ/5Ab3Z+yekDwYwRQKEDh9zKramG0MGN6bIBSST6MGDBvLfkKGXUHWkcrRK
5V64Boczah8xiicUxG2f+jELIlkox0A0W5+wMIFlPe43XIZCUMypNABJDyUSQJU8
RioPYbRyKoWEeGsd3ztnbTg07aT6QAEVgEGjOSHvNHsB9ETBZEOBC3IKmPOmTgSS
yt43FWtX2zcyDdXggcb8X/8M2pMQorDq3r3EwUMgJ3A+WPn6sM/J5JWOWnq2dLvG
+OvOM28txD6KnRZSJpNxrxfWX94hKnXwBvr/23yz2VjDWRh2b+nQooUkZ5Zo1xOq
tSJ+4AGHabHNUz81+U84aun7xeN5oZ6zBDqrfdCLLwk6B98RAqdDfoKB7/GFO0RZ
jIH/7GQdeknTMG7WLHqIv2TPyoGSXYqbEwa9cb3tJPDn8k1k3p2G+L7jQEWqmXSO
5ruRB9SVKShfBkhr0YGxZlQA+gs2l1Yp8MJtIPsFjVZ7fnb8l8rWx7FziPkXsvNh
wSIhCKOMUleXi9d23lftWomM9G4RY4U6c23y4BZaD8ix4MLx/a17I8RZqueXTXk3
pI9MgE3+FKwGvf1VI169NkU4sYosKj7nT1bBnGYxgQo2EV140vfhlmxGUnwGUZo6
4JRR+AzVgT7V1BbZOcJtgT+jQ38xZjdrXz1/OYDx3fEUxX08sMc=
=F7oh
-----END PGP SIGNATURE-----

--B1bP6foSN6kT8HxPdDh2DRut5FUQAirGk--


--===============5668118694917576106==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============5668118694917576106==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung