Sicherheit: Denial of Service in ClamAV

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============2769063142769818020==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="0l4sq76653ESvrUwmPisN85gCLVkaGEnH"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--0l4sq76653ESvrUwmPisN85gCLVkaGEnH
Content-Type: multipart/mixed;
boundary="dY41jUXtFpLIevo8gVjngInE72oMzOFB9"

--dY41jUXtFpLIevo8gVjngInE72oMzOFB9
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-4230-1
January 08, 2020

clamav vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.10
- Ubuntu 19.04
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

ClamAV could be made to crash if it opened a specially crafted file.

Software Description:
- clamav: Anti-virus utility for Unix

Details:

It was discovered that ClamAV incorrectly handled certain MIME messages. A
remote attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
clamav 0.102.1+dfsg-0ubuntu0.19.10.2

Ubuntu 19.04:
clamav 0.102.1+dfsg-0ubuntu0.19.04.2

Ubuntu 18.04 LTS:
clamav 0.102.1+dfsg-0ubuntu0.18.04.2

Ubuntu 16.04 LTS:
clamav 0.102.1+dfsg-0ubuntu0.16.04.2

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References:
https://usn.ubuntu.com/4230-1
CVE-2019-15961

Package Information:
https://launchpad.net/ubuntu/+source/clamav/0.102.1+dfsg-0ubuntu0.19.10.2
https://launchpad.net/ubuntu/+source/clamav/0.102.1+dfsg-0ubuntu0.19.04.2
https://launchpad.net/ubuntu/+source/clamav/0.102.1+dfsg-0ubuntu0.18.04.2
https://launchpad.net/ubuntu/+source/clamav/0.102.1+dfsg-0ubuntu0.16.04.2

--dY41jUXtFpLIevo8gVjngInE72oMzOFB9--

--0l4sq76653ESvrUwmPisN85gCLVkaGEnH
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl4V7j4ACgkQZWnYVadE
vpP7xw/9GHdd0O5GfBy1+fWROEYuZhYy4YeymD5+MRhc4N4frX1LiQP/GVQ2uyON
1Qo5C9zCQ/uTbfeOk6OgqulRK7J9Jm8LBBsLfVSa8PsDBuLoUdo06t7yvtCF9VZi
TezNORtCrAEQo8QXNH4el1ElHUHXowc2UrxXISEFuJH7iu4FSoj0UT6UNQZfroQf
IDEZmsfnMh4S0m5pr8udGIvq0c5kStboX2t78Bl8xum88hMUjIVKofRYjF0Ebz8X
j8nQ8y6zRn0ZKU4J3TR8x7tj9LMxCPuCA///3pukKg4gbZ58c/o+bYcPNL4FUBAH
TF+TrC912Jal5qB4a8pn9YIto988I2kPMPR538hOKn8X6kZb+cXMPR9Pxx7XD2rG
lfv7wMhUyOJcnQro8DwdAdQxME/BQVyvS1XZGw8+0j/uKwxcTBGfMAhN+W4ScUjo
J4TAAKoJrkU0DIkTReGBU72PPIMLpvfVGXapyO9H9xnoqfEnRlBzF/7d0a6q1t5T
CulFIq1mCleEBB3ppP5TP1DQk63A0CksNs6nDGxgp/QG1LoQnRuy8RSHfi/DuZIy
clNepu0TMRhKK878PF9kcenXQq4gv8wzMzT/+a4/qxRszVS3KXotKv9MVLTtNE5x
SS9w1M7rQHOGsokXqxBV0iba/IZ/XFc2u1WTHUAxOYwPioRaRgo=
=Gmb5
-----END PGP SIGNATURE-----

--0l4sq76653ESvrUwmPisN85gCLVkaGEnH--

--===============2769063142769818020==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============2769063142769818020==--