LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for June 20, 2013

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Ubuntu alert USN-1482-1 (clamav)



From:
    	      Marc Deslauriers <marc.deslauriers@canonical.com> 


To:
    	      ubuntu-security-announce@lists.ubuntu.com 


Subject:
    	      [USN-1482-1] ClamAV vulnerabilities 


Date:
    	      Tue, 19 Jun 2012 14:24:30 -0400


Message-ID:
    	      <1340130270.4836.1.camel@mdlinux>


Archive-link:
    	      Article, Thread
              


==========================================================================
Ubuntu Security Notice USN-1482-1
June 19, 2012

clamav vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS

Summary:

ClamAV could improperly detect malware if it opened a specially crafted
file.

Software Description:
- clamav: Anti-virus utility for Unix

Details:

It was discovered that ClamAV incorrectly handled certain malformed TAR
archives. A remote attacker could create a specially-crafted TAR file
containing malware that could escape being detected. (CVE-2012-1457,
CVE-2012-1459)

It was discovered that ClamAV incorrectly handled certain malformed CHM
files. A remote attacker could create a specially-crafted CHM file
containing malware that could escape being detected. (CVE-2012-1458)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
  clamav                          0.97.5+dfsg-1ubuntu0.12.04.1
  clamav-daemon                   0.97.5+dfsg-1ubuntu0.12.04.1
  libclamav6                      0.97.5+dfsg-1ubuntu0.12.04.1

Ubuntu 11.10:
  clamav                          0.97.5+dfsg-1ubuntu0.11.10.1
  clamav-daemon                   0.97.5+dfsg-1ubuntu0.11.10.1
  libclamav6                      0.97.5+dfsg-1ubuntu0.11.10.1

Ubuntu 11.04:
  clamav                          0.97.5+dfsg-1ubuntu0.11.04.1
  clamav-daemon                   0.97.5+dfsg-1ubuntu0.11.04.1
  libclamav6                      0.97.5+dfsg-1ubuntu0.11.04.1

Ubuntu 10.04 LTS:
  clamav                          0.96.5+dfsg-1ubuntu1.10.04.4
  clamav-daemon                   0.96.5+dfsg-1ubuntu1.10.04.4
  libclamav6                      0.96.5+dfsg-1ubuntu1.10.04.4

In general, a standard system update will make all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-1482-1
  CVE-2012-1457, CVE-2012-1458, CVE-2012-1459

Package Information:
  https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1...
  https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1...
  https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1...
  https://launchpad.net/ubuntu/+source/clamav/0.96.5+dfsg-1...


-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds