==========================================================================
Ubuntu Security Notice USN-3393-1
August 17, 2017

clamav vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 17.04
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in ClamAV.

Software Description:
– clamav: Anti-virus utility for Unix

Details:

It was discovered that ClamAV incorrectly handled parsing certain e-mail
messages. A remote attacker could possibly use this issue to cause ClamAV
to crash, resulting in a denial of service. (CVE-2017-6418)

It was discovered that ClamAV incorrectly handled certain malformed CHM
files. A remote attacker could use this issue to cause ClamAV to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 14.04 LTS. In the default installation,
attackers would be isolated by the ClamAV AppArmor profile. (CVE-2017-6419)

It was discovered that ClamAV incorrectly handled parsing certain PE files
with WWPack compression. A remote attacker could possibly use this issue to
cause ClamAV to crash, resulting in a denial of service. (CVE-2017-6420)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
clamav 0.99.2+dfsg-6ubuntu0.1

Ubuntu 16.04 LTS:
clamav 0.99.2+dfsg-0ubuntu0.16.04.2

Ubuntu 14.04 LTS:
clamav 0.99.2+addedllvm-0ubuntu0.14.04.2

In general, a standard system update will make all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3393-1
CVE-2017-6418, CVE-2017-6419, CVE-2017-6420

Package Information:
https://launchpad.net/ubuntu/+source/clamav/0.99.2+dfsg-6ubuntu0.1
https://launchpad.net/ubuntu/+source/clamav/0.99.2+dfsg-0ubuntu0.16.04.2
https://launchpad.net/ubuntu/+source/clamav/0.99.2+addedllvm-0ubuntu0.14.04.2

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAEBCgAGBQJZldRWAAoJEGVp2FWnRL6Tq7AP/A0Fmrx8lZGXpoVGvyMTQ371
aOgtxnq8QNNVFBRZD/tAcTvs3KxZULbTQG+HgLt2lBdO+Ixy6FqwyrqlWKdg2WQp
KIvXOO2A/LZ47M+SgWv6TgylkhlQTqGIT0EerG48nsTbe2RtDP3OZZHfwY4ks/y9
j+icGSYNhTDQldRVBLdF5rVr5NGX1mD01HyUV8sckJENUFNtZOzwWLPGVVqnHWhK
GCRvHvGbwVVQgWTeSr1OyQlhEc0jYPtrH+jRqRfkaWYa+cafymrP4zmsBwBXyisE
MeomE66ZzQJmF7jF8bVU8Qty8m1x2kLNpZv76UxL9jNdHqWm6gHa4RuiZwpxB5Db
ZPU13YBtK++OCTDW35WhvEo0YUqGHUv1U3TBmppiZgc+z/Iq7VSUvx2u1WnlAzn0
YedPwraRrY18QcCz4B36L2JGkcYIQ0ZPUkVKJOBzyCU10Sz4hzXMk5CF7UvEpZXG
0aCKhNikVEMeVdkN7kIyrCtZ2Rx1Z9VjAJw4BkVhxXTlo6mKn0DthsJJ2f/MmBZm
AGtJVgsX97nxxbPCog+wEaGhqWCZBM51kpz2XRKk7bGugFAVxLM29IQIN3DkdycO
t+ABdUSX+JLh1aJyYG+mI8mwfzzQsOTt5/vyAtjJ4q862msgSUfByTkNtKSWUEfl
7ez0kj0iWOJiOTlE+2m7
=+jpn
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-3393-2
August 17, 2017

clamav vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in ClamAV.

Software Description:
– clamav: Anti-virus utility for Unix

Details:

USN-3393-1 fixed several vulnerabilities in ClamAV. This update
provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

 It was discovered that ClamAV incorrectly handled parsing certain 
 e- mail messages. A remote attacker could possibly use this issue to
 cause ClamAV to crash, resulting in a denial of service. 
 (CVE-2017-6418)
 
 It was discovered that ClamAV incorrectly handled certain malformed
 CHM files. A remote attacker could use this issue to cause ClamAV to
 crash, resulting in a denial of service, or possibly execute arbitrary
 code. This issue only affected Ubuntu 14.04 LTS. In the default
 installation, attackers would be isolated by the ClamAV AppArmor
 profile. (CVE-2017-6419)
 
 It was discovered that ClamAV incorrectly handled parsing certain PE
 files with WWPack compression. A remote attacker could possibly use
 this issue to cause ClamAV to crash, resulting in a denial of service.
 (CVE-2017-6420)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  clamav                          0.99.2+addedllvm-0ubuntu0.12.04.2

In general, a standard system update will make all the necessary
changes.

References:
  https://www.ubuntu.com/usn/usn-3393-2
  https://www.ubuntu.com/usn/usn-3393-1
  CVE-2017-6418, CVE-2017-6419, CVE-2017-6420
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJZle7lAAoJEEW851uECx9pyL4P/i+oGCQfoanoc+As8y2NIcFb
hNmS6b2tdMl3cGymQxN+R00Vjhdk2Cq8hXJ2IEtkpm9FY+kJ24eF1yiBL8t2cgt5
0CW4GZQUg8sL+PSAcTNk5w8UwoOjuwOkqV6587Cp5r2ea0rGGBMbt/iMXRbxtwVe
EM+xMMWaSlgSyrW9ik+UB2IE3cqnffW9y47MOHB5MJ44T9uqBzjJOCXrDbPfCE+x
OSu2pU1VOREiUCJKslo/3blsWReUBJ3Ye/7Ojr3bG4+hvZAKsAoml/g8+PK0UPfO
vLyAF2gU9ilM01LebC32TA2Aw/3+mnBUn3hMsn+/fbQP3kqpfLIe/3s3ru2dhw9C
70Ki2qka0CyPKzB4rh7Rt4oJi5TZp6GQl14uwhkkqt3vGYHb/3yeud9UjcTPfoBm
bAsObL7gYfT434YJSs/9sO48n+kZWdQMvflkK0Gyw4A8lj3TcUAwCNG04UQb/22h
4DCoDXantLeFzrwuE3aJCxfxWjATa6evgf4VjrXvWZx3B71k2zTjjavm/JLB+GlV
6QSscDY4wsM0qPNHNTNwi8hDk+p6xDZlnZcW5rVNJghrjONcyXfuqBf9ACmBVAtB
CumJDJTx51D9GyfmOw5NQ+BPCVrcE/uKuPhfkwpzXPmGl7GidzBSTmAq/8EJ6Gm8
oN1YsYndNJB6bk6nhckQ
=mMEX
—–END PGP SIGNATURE—–
—