==========================================================================
Ubuntu Security Notice USN-4435-2
July 27, 2020

clamav vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 ESM
– Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in ClamAV.

Software Description:
– clamav: Anti-virus utility for Unix

Details:

USN-4435-1 fixed several vulnerabilities in ClamAV. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that ClamAV incorrectly handled parsing ARJ archives. A
remote attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service. (CVE-2020-3327)

It was discovered that ClamAV incorrectly handled scanning malicious files.
A local attacker could possibly use this issue to delete arbitrary files.
(CVE-2020-3350)

It was discovered that ClamAV incorrectly handled parsing EGG archives. A
remote attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service. (CVE-2020-3481)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
clamav 0.102.4+dfsg-0ubuntu0.14.04.1+esm1

Ubuntu 12.04 ESM:
clamav 0.102.4+dfsg-0ubuntu0.12.04.1

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References:
https://usn.ubuntu.com/4435-2
https://usn.ubuntu.com/4435-1
CVE-2020-3327, CVE-2020-3350, CVE-2020-3481
—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl8fCboACgkQRbznW4QL
H2lGbhAAvXn0yuztLVB4IjlKRzpfvqo5q785b4qHtd1doNCkRgX6QGkeYOX7fmHy
qKMkb5OaJlNUY02EMjU6eXIbhsU2KJKONqmZ16KX3SsXgiIG82jcYzDbqZtrxOu/
BYEWYfx22VQnzaFwOpYN0lvkoFsbS6a98xRGmkAgEIytmJeuOqa0awIMV7+8Cq0B
iJSK/rHCLhexq8zCtPZgUYA9JOAAh8Wa8X3+meJ8nFFpr9yDw2sSxOfZrNAkP3bT
aX4Y1JZcw+e8nsAxhGojhEi2NCvh2WsNprRA1Hv1sL7llnreBoW9d1dpkm9UoV8u
y+A2df0sJo5wfF/E9NsFP/pRZ5kQ2yrCfGxTc1q9Vd9E06INTUCa98XZnZ9hBUDZ
tBZA/37Myef3omMGjn6fwdyoyJBi9Dzc1wA1mVChywW4uSiTrFuuhLAa+wl7Bo00
mgrdSZK2GPavFsRDThVCRFeydH9V6aPwGPdEBtTAuCMn14TRW/dWNywQfW+/Ynxp
UPEbREW5Pqq3L4CFqIajVTDlqni/TOyaHf7vvecY94qo9rTANl0tDX3r/kPZ3Fjk
qc4RQ6M32AiT4E+6Q/0BGLN8EGluvEuHqPfkDbFgrzbwkiCddKXkisubiLrXE55Z
to9VdqEQfiGNTzTQhjfpQo3/YY0QAcxOLJYgK8mmWLsqoYsezb4=
=+S5b
—–END PGP SIGNATURE—–
—