drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in ClamAV
Name: |
Mehrere Probleme in ClamAV |
|
ID: |
USN-5423-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 21.10, Ubuntu 22.04 LTS |
|
Datum: |
Mi, 18. Mai 2022, 07:24 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20771
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20785
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20770
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20792
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20796 |
|
Applikationen: |
Clam Antivirus |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============0036850148149540029== Content-Language: en-CA Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------Mkuzb5zzK870yHlzJxmFdB5t"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------Mkuzb5zzK870yHlzJxmFdB5t Content-Type: multipart/mixed; boundary="------------nE3VymzvkrW7vSIHclBpbgBh"; protected-headers="v1" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com> Message-ID: <0a714566-8e3f-16cb-3ac8-3e02595428d9@canonical.com> Subject: [USN-5423-1] ClamAV vulnerabilities
--------------nE3VymzvkrW7vSIHclBpbgBh Content-Type: text/plain; charset=UTF- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-5423-1 May 17, 2022
clamav vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in ClamAV.
Software Description: - clamav: Anti-virus utility for Unix
Details:
MichaÅ Dardas discovered that ClamAV incorrectly handled parsing CHM files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. (CVE-2022-20770)
MichaÅ Dardas discovered that ClamAV incorrectly handled parsing TIFF files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. (CVE-2022-20771)
MichaÅ Dardas discovered that ClamAV incorrectly handled parsing HTML files. A remote attacker could possibly use this issue to cause ClamAV to consume resources, resulting in a denial of service. (CVE-2022-20785)
MichaÅ Dardas discovered that ClamAV incorrectly handled loading the signature database. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-20792)
Alexander Patrakov and Antoine Gatineau discovered that ClamAV incorrectly handled the scan verdict cache check. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code.(CVE-2022-20796)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: clamav 0.103.6+dfsg-0ubuntu0.22.04.1
Ubuntu 21.10: clamav 0.103.6+dfsg-0ubuntu0.21.10.1
Ubuntu 20.04 LTS: clamav 0.103.6+dfsg-0ubuntu0.20.04.1
Ubuntu 18.04 LTS: clamav 0.103.6+dfsg-0ubuntu0.18.04.1
This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5423-1 CVE-2022-20770, CVE-2022-20771, CVE-2022-20785, CVE-2022-20792, CVE-2022-20796
Package Information: https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.22.04.1 https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.21.10.1 https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.20.04.1 https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.18.04.1
--------------nE3VymzvkrW7vSIHclBpbgBh--
--------------Mkuzb5zzK870yHlzJxmFdB5t Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmKDn48ACgkQZWnYVadE vpPnVQ/+L2Bv/Jl3Q4DuK9aL+inmFNhdjQvnmlfCkMD0Cf9yQkHJemZsBQQZczH1 /kJXk2OaZW4gIYvrJKPABFy+BQfEAGNdeJ6j+BlbL0pgjwZs52myRaEWKS/Hu7ji SfZ6d4VNHqnNvSdyAim5UK5Vkg4hPz0I8/Zn2iAfdsvShrQ3jxqv62i2+MYKA0EM aDflTFRII5aKvWQjUDD7D2dwZJjSliMv6i0kWHoyhJV+z+t2NlftWeUfwvHzaq/x 3QsKCIVP0QQ0Y7DHUg2eRB4tBuW9e/MDVxppEYPkjlHM4bYHuM6IdD2yhwKwEz8U qf6QS4sDktV//Fw1cL/0usexk7WFzRtUDF2tEnh2K3vrqcEGOu6/DMYK1WRg/mGw gj9iQPU4kRxsRZMjGGQxo2/aiq/UMVVImWDE43WI4FUff100YGkWkm+xxVFdnscn BuDeoOmZDl32574N+uFe32vrUDjU/E6MyygHimBR/SVTsuQQH3hkmOC4n80ifpWV x46i6NjJ9rwPU7W6lhHQRZeOo5tvRbODGquViYtCmBBLB94fWHUEIVxBV/N952ds gZjWe9IJFoLiwtujR36BTKe475RTktzXGtA2ac4PT2F6LqI8KMJx2TjidWYj8aw/ 7rDquc4XIQj//oo4sNrWk4pfxwMUXS9LyLMst3pwNG4U99GzD2c= =DCWz -----END PGP SIGNATURE-----
--------------Mkuzb5zzK870yHlzJxmFdB5t--
--===============0036850148149540029== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
Cg==
--===============0036850148149540029==--
|
|
|
|