You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa ClamAV

Sigurnosni nedostatak programskog paketa ClamAV

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4280-1
February 18, 2020

clamav vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

ClamAV could be made to crash if it opened a specially crafted file.

Software Description:
– clamav: Anti-virus utility for Unix

Details:

It was discovered that ClamAV incorrectly handled memory when the
Data-Loss-Prevention (DLP) feature was enabled. A remote attacker could
possibly use this issue to cause ClamAV to crash, resulting in a denial of
service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
clamav 0.102.2+dfsg-0ubuntu0.19.10.1

Ubuntu 18.04 LTS:
clamav 0.102.2+dfsg-0ubuntu0.18.04.1

Ubuntu 16.04 LTS:
clamav 0.102.2+dfsg-0ubuntu0.16.04.1

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary

References:
https://usn.ubuntu.com/4280-1
CVE-2020-3123

Package Information:
https://launchpad.net/ubuntu/+source/clamav/0.102.2+dfsg-0ubuntu0.19.10.1
https://launchpad.net/ubuntu/+source/clamav/0.102.2+dfsg-0ubuntu0.18.04.1
https://launchpad.net/ubuntu/+source/clamav/0.102.2+dfsg-0ubuntu0.16.04.1

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl5L7mcACgkQZWnYVadE
vpMi0BAAqJT9j5KwWsNdYnfwuMoPJD5yNvUXg4KF5qg8j06CYAttAYFnBLT57f/7
rwkS3qn4Nuc9AyYkdZOb8V/5wGg5/0oi29tw03Icok5eSJw+SMjjRyYjkkiF48jC
UNBKtASIDmRmnC7b8mJDzL4EmW+WJaaX6YUDXNuHnHvEELp8KkHJh8zaCc+V7v4/
WIPfa6XCdPscEE4EVr4en16z/Nqh12pmkSRK51agdFEupvDabj3YpMcEngNQKLsi
6r3zPg9AMW289c6Ncxs4MS7X1Y9HqbtTvDOwrMEYwi2/WKyb4+73i4cpIBi7aDib
ci/O4eMfJNMhFZx+91pNMVnqqdGv20lxDTKSb90A8kWFqIhzOgDjNK75lPc1T9dK
Od/U81dm3BS0Ejzv1stXpuTEvCYPeVoVdHgxuT2dlZDlvnPBv5apBilR7yvtCipt
dSyCDOpFein0sEQK/Cfl+mi+wVqqfPa4xacobz3WErkoPe4VPBFfxaGIBEWiIv90
fD1JOgozeCATJQ8vT/edx1VuoJVPQLtNUP2Ut+yQbICWNhR5BjkELY121/5gHQgq
BJkkdv6mPreyyBMx0z96n8PV/vVat7C74pntmFBqweWb4ZCKTZCe51oKtka/Kgoh
5KX8am7ELJ9hotdKm+OZW0gfANZkCSjfQ5lGQE+moEXqfefWZuo=
=+JOr
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-4280-2
February 18, 2020

clamav vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 ESM
– Ubuntu 12.04 ESM

Summary:

ClamAV could be made to crash if it opened a specially crafted file.

Software Description:
– clamav: Anti-virus utility for Unix

Details:

USN-4280-1 fixed a vulnerability in ClamAV. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that ClamAV incorrectly handled memory when the
Data-Loss-Prevention (DLP) feature was enabled. A remote attacker could
possibly use this issue to cause ClamAV to crash, resulting in a denial of
service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
clamav 0.102.2+dfsg-0ubuntu0.14.04.1+esm1

Ubuntu 12.04 ESM:
clamav 0.102.2+dfsg-0ubuntu0.12.04.1

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary

References:
https://usn.ubuntu.com/4280-2
https://usn.ubuntu.com/4280-1
CVE-2020-3123
—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl5MChYACgkQRbznW4QL
H2msjw/9HN2cHbWFytCW+vbz3R1F3TmcT4T9WTFDcj+4mMEVv52NTQtiPonDJKVq
Y8ydzg4SLJJoBBm3COMq8/S23aRXEVg+/x7GGNLMlGZu/a6JG24EItWhyA93zVv1
Uvywh/Fr/DbJ72kTMWhsZwwphvPHNOVLr8W92Z7FLw4l5clbUy5HAMFJMpcd3LnZ
XxRa6ijUwlQYN5pJFaicNTr0L0wkWerLIrxJx8k4F8NwYIp5vS0bZiyYr0pth3em
PxWrtsjPMtWXZ0VoBxfRpYADsNfhDnlp+WyU42Ikhy/2N7mLG41qetNNUoMZ5tN/
ekolM0mJn9lp4nDdt3CIQWwxyi6WavegEWzp+/toJFlTwOrQVv50mCMZbXfzN3aj
Pcwf8yFbV1RfVvDPwUiMHsJ/UIWSfsKh946XUOhHaB59Ji0c/WmklgZTc3oKi+NG
5Gog6nNwkfoTF4aFf1DVk96bToamCKFrS86LaZxgYorMRiTkdjcMXoctiCJiCOrL
FXiE3c0LxdKMl+FLdipWXFlrppHiPVnWFY+PFXaIY8IGGcgZsb5ER5mlHC0noQvm
+wrc5Fv29XhIAzCGeBRxDIH1//ooMWOyPqQHY2Bf7t0puygV2iGUqhAeazy3MPDa
sn1PRZ1CodUs01HcaOEIFBvxocr1KtXo3srcVf/ukj533kCO/3k=
=Dl0N
—–END PGP SIGNATURE—–

AutorJosip Papratovic
Cert idNCERT-REF-2020-02-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostaci programskog paketa MozillaFirefox

Otkriveni su sigurnosni nedostaci u programskom paketu MozillaFirefox za operacijski sustav openSUSE. Otkriveni nedostaci potencijalnim napadačima omogućuju izvršavanje proizvoljnog programskog...

Close