You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa clamav

Sigurnosni nedostaci programskog paketa clamav

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4370-2
May 21, 2020

clamav vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 ESM
– Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in ClamAV.

Software Description:
– clamav: Anti-virus utility for Unix

Details:

USN-4370-1 fixed several vulnerabilities in ClamAV. This update provides
the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM.

Original advisory details:

It was discovered that ClamAV incorrectly handled parsing ARJ archives. A
remote attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service. (CVE-2020-3327)

It was discovered that ClamAV incorrectly handled parsing PDF files. A
remote attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service. (CVE-2020-3341)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
clamav 0.102.3+dfsg-0ubuntu0.14.04.1+esm1

Ubuntu 12.04 ESM:
clamav 0.102.3+dfsg-0ubuntu0.12.04.1

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References:
https://usn.ubuntu.com/4370-2
https://usn.ubuntu.com/4370-1
CVE-2020-3327, CVE-2020-3341
—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl7G004ACgkQRbznW4QL
H2kQUw//QevJ6nC5gZ4B/Htw0b783SOizvRKVdu/oEzCnrzcZwancutD+z9fshhS
Cc1BlZqLZXjCJvmwmCzmmyMiP/JtrgSHM1ka7N3QFhw1MI6ReRjYE4ITkpzMtAGN
hUrQXCBCSP6bZwmLaeNBAwM+xDtdxR5njGVBeqP3sHrCUBkXlyIMJwus82FjtHKC
eioTW72lIiNF7GKo5K8C0eZhv1/bqHhALaOYP0LM05/Ic4ObNma8OJfws28lLqh/
6dvk+jAb9Myta0hi8oRvs/qQaKiLs9akyre7WRImaD89NtKSII5dz1slQrkrpuKJ
u/zUhQPC8kl7bdwDwNC2OR1SkP0/oKlRDEriOpKj1vW/Ciwq49+/LBpC+bC3NGzb
fYORmHR40hwsLbA5Az2zpLvoqKYis8o0NIq5X7UwnomFcoccxEFvIafm0FhydjHc
vDYwV+NZHn8uD+qbO3MKIwYoLIQ8vqoQtvdYvTQA3dMEFjaREjEiBllpkLfwhCUm
ZUOLvAypWSWp+jEkQKEnlPUW1oEG4S9uRfVh4pKHcCsRSvbJGkR8LDt/vDhYKlrO
8hcFFkXqeSnLk1Pgws4x3cb81/BYe8wCZjcSE+3d33XkE4Un9U8RvnGNfqn4+ceV
H0lhu8rhnKdNlcI0v/UP7UEc+UPWNiddn4GO0jO6kqcw3FL1tDA=
=0Ctj
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-4370-1
May 21, 2020

clamav vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 20.04 LTS
– Ubuntu 19.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in ClamAV.

Software Description:
– clamav: Anti-virus utility for Unix

Details:

It was discovered that ClamAV incorrectly handled parsing ARJ archives. A
remote attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service. (CVE-2020-3327)

It was discovered that ClamAV incorrectly handled parsing PDF files. A
remote attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service. (CVE-2020-3341)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
clamav 0.102.3+dfsg-0ubuntu0.20.04.1

Ubuntu 19.10:
clamav 0.102.3+dfsg-0ubuntu0.19.10.1

Ubuntu 18.04 LTS:
clamav 0.102.3+dfsg-0ubuntu0.18.04.1

Ubuntu 16.04 LTS:
clamav 0.102.3+dfsg-0ubuntu0.16.04.1

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References:
https://usn.ubuntu.com/4370-1
CVE-2020-3327, CVE-2020-3341

Package Information:
https://launchpad.net/ubuntu/+source/clamav/0.102.3+dfsg-0ubuntu0.20.04.1
https://launchpad.net/ubuntu/+source/clamav/0.102.3+dfsg-0ubuntu0.19.10.1
https://launchpad.net/ubuntu/+source/clamav/0.102.3+dfsg-0ubuntu0.18.04.1
https://launchpad.net/ubuntu/+source/clamav/0.102.3+dfsg-0ubuntu0.16.04.1

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl7GyosACgkQZWnYVadE
vpM5pw//U4y4FUoDe29GZlOpyZ9blmDUOBNXEVrSyP400euOIG01EpBuuCnqNZc3
F3NQt3KH+njFVkZVAL/cCwqh+CPem4jikxBAIgih/iews5Xjkm+6uf6XKnUzhKXu
s5dgM7ArznxQppkhSa8lt8L7eq97PW4GEEd/eFytBtU38Cbr6b9nkhJmEx0xpjSC
ETq1QzTQODNa3zIyeJlbigI3lh+b5Np+0MNKp86l0QUeYOVdOYwRZvGdBVNiaJpO
KDwc/83+gmWS360TFgJFWlhFLibnWHGLulxAGoZGSk1UmxTTJX2ryfmVugVn/SGr
LdjWJdBNvvFdO6Ev9m2Z+AX+up6mOaUekWlTO5mqc+3ZQ5FaK8KaaAjG3S9V3WOD
9mKXnjtBJbNdzRXvLc7K117EX0vRDo4XWHKRpCQBJByBJf0FHlSltPy4DvRciQf7
i3sDmaIgBqk29vobJTfAYuacQowbz+9MzHSyxofNhDOHGC8Nl1mods+lj2WP1ZGn
Gyq4Kaqf0BScyTaAUQiiTLmhS3QsuDb8V6j/1e1nMQqeyprby2lLPCh4LXjvHevg
bWhjYZ5rjEQ30kKFst8QMmH1xSkQ9mHU5FQ9ElxPAuMgRHCHCtbTBGFCKa+IkFBk
eeyPc+8aoT05FLdRL4sa3nc9g9SHfurFQNjY8nex7mVg7RXq/Ak=
=TdVP
—–END PGP SIGNATURE—–

AutorToni Vugdelija
Cert idNCERT-REF-2020-05-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostaci programske biblioteke libvirt

Otkriveni su sigurnosni nedostaci programske biblioteke libvirt za operacijski sustav Ubuntu. Otkriveni nedostaci potencijalnim udaljenim napadačima omogućuju izazivanje DoS stanja....

Close