
Security vulnerabilities in the clamav software package

  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LUB

==========================================================================
Ubuntu Security Notice USN-3722-2
July 25, 2018

clamav vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

ClamAV could be made to hang if it opened a specially crafted file.

Software Description:
- clamav: Anti-virus utility for Unix

Details:

USN-3722-1 fixed a vulnerability in ClamAV. This update provides
the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

It was discovered that ClamAV incorrectly handled parsing certain HWP
files. A remote attacker could use this issue to cause ClamAV to hang,
resulting in a denial of service. (CVE-2018-0360)

It was discovered that ClamAV incorrectly handled parsing certain PDF
files. A remote attacker could use this issue to cause ClamAV to hang,
resulting in a denial of service. (CVE-2018-0361)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
clamav                          0.100.1+dfsg-1ubuntu0.12.04.1

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References:
https://usn.ubuntu.com/usn/usn-3722-2
https://usn.ubuntu.com/usn/usn-3722-1
CVE-2018-0360, CVE-2018-0361

==========================================================================
Ubuntu Security Notice USN-3722-3
July 26, 2018

clamav regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

USN-3722-1 introduced a regression in ClamAV.

Software Description:
- clamav: Anti-virus utility for Unix

Details:

USN-3722-1 fixed vulnerabilities in ClamAV. The updated ClamAV version
removed some configuration options which caused the daemon to fail to start
in environments where the ClamAV configuration file was manually edited.
This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that ClamAV incorrectly handled parsing certain HWP
files. A remote attacker could use this issue to cause ClamAV to hang,
resulting in a denial of service. (CVE-2018-0360)

It was discovered that ClamAV incorrectly handled parsing certain PDF
files. A remote attacker could use this issue to cause ClamAV to hang,
resulting in a denial of service. (CVE-2018-0361)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
clamav 0.100.1+dfsg-1ubuntu0.18.04.2

Ubuntu 16.04 LTS:
clamav 0.100.1+dfsg-1ubuntu0.16.04.2

Ubuntu 14.04 LTS:
clamav 0.100.1+dfsg-1ubuntu0.14.04.2

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3722-3
https://usn.ubuntu.com/usn/usn-3722-1
https://launchpad.net/bugs/1783632

Package Information:
https://launchpad.net/ubuntu/+source/clamav/0.100.1+dfsg-1ubuntu0.18.04.2
https://launchpad.net/ubuntu/+source/clamav/0.100.1+dfsg-1ubuntu0.16.04.2
https://launchpad.net/ubuntu/+source/clamav/0.100.1+dfsg-1ubuntu0.14.04.2


==========================================================================
Ubuntu Security Notice USN-3722-4
July 26, 2018

clamav regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

USN-3722-1 introduced a regression in ClamAV.

Software Description:
- clamav: Anti-virus utility for Unix

Details:

USN-3722-1 fixed vulnerabilities in ClamAV. The updated ClamAV version
removed some configuration options which caused the daemon to fail to
start in environments where the ClamAV configuration file was manually
edited. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that ClamAV incorrectly handled parsing certain HWP
files. A remote attacker could use this issue to cause ClamAV to hang,
resulting in a denial of service. (CVE-2018-0360)

It was discovered that ClamAV incorrectly handled parsing certain PDF
files. A remote attacker could use this issue to cause ClamAV to hang,
resulting in a denial of service. (CVE-2018-0361)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
clamav                          0.100.1+dfsg-1ubuntu0.12.04.2

In general, a standard system update will make all the necessary
changes.

References:
https://usn.ubuntu.com/usn/usn-3722-4
https://usn.ubuntu.com/usn/usn-3722-1
https://launchpad.net/bugs/1783632
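
Added example (not part of Ubuntu's notices): a fleet-audit check that classifies an installed clamav version against the fixed versions listed in the three notices above. `FIXED`, `deb_compare` and `status` are hypothetical names, and the comparison is a small reimplementation of Debian version ordering for use off-host; on the host itself `dpkg --compare-versions` gives the same answer.

```python
import re

# Versions listed in the notices above. "cve": first build with the CVE fixes;
# "final": build that also repairs the start-up regression (only 12.04 has both).
FIXED = {
    "12.04": {"cve": "0.100.1+dfsg-1ubuntu0.12.04.1",
              "final": "0.100.1+dfsg-1ubuntu0.12.04.2"},
    "14.04": {"final": "0.100.1+dfsg-1ubuntu0.14.04.2"},
    "16.04": {"final": "0.100.1+dfsg-1ubuntu0.16.04.2"},
    "18.04": {"final": "0.100.1+dfsg-1ubuntu0.18.04.2"},
}
DIGITS = "0123456789"

def _order(c):  # Debian order: '~' first, digits count as 0, letters before punctuation
    if c == "~" or c in DIGITS:
        return -1 if c == "~" else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    i = j = 0
    while i < len(a) or j < len(b):
        # non-digit run, character by character (end of string counts as 0)
        while (i < len(a) and a[i] not in DIGITS) or (j < len(b) and b[j] not in DIGITS):
            oa = _order(a[i]) if i < len(a) else 0
            ob = _order(b[j]) if j < len(b) else 0
            if oa != ob:
                return -1 if oa < ob else 1
            i, j = i + 1, j + 1
        # digit run, compared numerically (empty run counts as 0)
        da, db = re.match(r"[0-9]*", a[i:]).group(), re.match(r"[0-9]*", b[j:]).group()
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
        i, j = i + len(da), j + len(db)
    return 0

def deb_compare(a, b):
    def split(v):  # -> (epoch, upstream, revision); a missing revision equals "0"
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, sep, rev = rest.rpartition("-")
        return int(epoch), (upstream if sep else rest), (rev if sep else "0")
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def status(release, installed):
    fixed = FIXED[release]
    if deb_compare(installed, fixed["final"]) >= 0:
        return "ok"
    patched = "cve" in fixed and deb_compare(installed, fixed["cve"]) >= 0
    return "cve-fixed, regression not fixed" if patched else "update required"
```

For 14.04, 16.04 and 18.04 the notices above list only the regression-fixed build, so any older version is reported as "update required".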

Author: Danijel Kozinovic
CERT ID: NCERT-REF-2018-07-0001-ADV
CVE: CERT-CVE-DUMMY
Source ID: CERT-ORIGID-DUMMY
Product: CERT-DUMMY-PRODUCT
Source: Adobe