Zwei Probleme in ClamAV
ID: | USN-1816-1 |
Distribution: | Ubuntu |
Plattformen: | Ubuntu 10.04 LTS, Ubuntu 11.10, Ubuntu 12.04 LTS, Ubuntu 12.10, Ubuntu 13.04 |
Datum: | Fr, 3. Mai 2013, 20:01 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2020
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2021 |
Applikationen: | Clam Antivirus |
Originalnachricht |
|
--===============8764342061743835125== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="FL5UXtIhxfXey3p5" Content-Disposition: inline --FL5UXtIhxfXey3p5 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline ========================================================================== Ubuntu Security Notice USN-1816-1 May 03, 2013 clamav vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 13.04 - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 10.04 LTS Summary: ClamAV could be made to crash or run programs if it opened a specially crafted file. Software Description: - clamav: Anti-virus utility for Unix Details: It was discovered that ClamAV would incorrectly parse a UPX-packed executable, leading to possible inappropriate heap reads. An attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-2020) It was discovered that ClamAV would incorrectly parse a PDF document, potentially writing beyond the size of a static array. An attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-2021) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 13.04: clamav 0.97.8+dfsg-1ubuntu1.13.04.1 Ubuntu 12.10: clamav 0.97.8+dfsg-1ubuntu1.12.10.1 Ubuntu 12.04 LTS: clamav 0.97.8+dfsg-1ubuntu1.12.04.1 Ubuntu 11.10: clamav 0.97.8+dfsg-1ubuntu1.11.10.1 Ubuntu 10.04 LTS: clamav 0.97.8+dfsg-1ubuntu1.10.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart ClamAV to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1816-1 CVE-2013-2020, CVE-2013-2021 Package Information: https://launchpad.net/ubuntu/+source/clamav/0.97.8+dfsg-1ubuntu1.13.04.1 https://launchpad.net/ubuntu/+source/clamav/0.97.8+dfsg-1ubuntu1.12.10.1 https://launchpad.net/ubuntu/+source/clamav/0.97.8+dfsg-1ubuntu1.12.04.1 https://launchpad.net/ubuntu/+source/clamav/0.97.8+dfsg-1ubuntu1.11.10.1 https://launchpad.net/ubuntu/+source/clamav/0.97.8+dfsg-1ubuntu1.10.04.1 --FL5UXtIhxfXey3p5 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJRg/CwAAoJEPMhclmdjS6X9LMH/Re1r9lMuSWTBReqDf2lrrWE Yjg29uxUrXRQdVHYQhqMt1ARvbw3GlKBTsaRIj36KhjlxnJ+CwpY1E/aJGiXlqzl 5jWx/fQyDA1zBeCaBfXIPkayCowKrT3gpzOsGAtkB9+8JeizmSmtin9g1Weqfzqs LJHlwDRqfJWDrbEul6iMubKza3uPCz07BKLt9iwULUx+qy3NduEQAD79SEY8N74O aX5sz+cX+mSnqykJ6VWw1x0gEWF+qy8NcS6ns+oYC/P+nuyL2NTAJjRSKeYHNhTE gNxtIqKQKyvmhloKJgNiFI5BgQ1+01MA4hV8qqLMfzO3SEe+wSG8pG3TfSQYAvA= =rgmL -----END PGP SIGNATURE----- --FL5UXtIhxfXey3p5-- --===============8764342061743835125== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce --===============8764342061743835125==-- |