|
|
Subscribe / Log in / New account

Ubuntu alert USN-7229-1 (clamav)



From:
              Marc Deslauriers <marc.deslauriers@canonical.com>


To:
              "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com>


Subject:
              [USN-7229-1] ClamAV vulnerability


Date:
              Mon, 27 Jan 2025 12:50:54 -0500


Message-ID:
              <da3f02a1-07a5-41d2-8d80-ee033f24365e@canonical.com>


==========================================================================
Ubuntu Security Notice USN-7229-1
January 27, 2025

clamav vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS

Summary:

ClamAV could be made to crash if it opened a specially crafted file.

Software Description:
- clamav: Anti-virus utility for Unix

Details:

It was discovered that ClamAV incorrectly handled decrypting OLE2 content.
A remote attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
   clamav                          1.4.2+dfsg-0ubuntu0.24.10.1

Ubuntu 24.04 LTS
   clamav                          1.0.8+dfsg-0ubuntu0.24.04.1

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References:
   https://ubuntu.com/security/notices/USN-7229-1
   CVE-2025-20128

Package Information:
   https://launchpad.net/ubuntu/+source/clamav/1.4.2+dfsg-0u...
   https://launchpad.net/ubuntu/+source/clamav/1.0.8+dfsg-0u...





Attachment: OpenPGP_signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmeXx34FAwAAAAAACgkQZWnYVadEvpM6
Ag/9HReWvkGZNRz2tBLGRure1AsyAAsGqtNySQHZAatuLWaJII9mPSZ3wVLjtZUJqNsvYPiDH13E
ijg84BPIeyF+6aNXO3JRo6KEMKi2cbcZfdOrTHaCL8ORvy4xYn27xX2+7JaLnR+ecFqLdWMUQhXL
oXG08NkjubnVWLDtMhuLI5QjEFm0ssxAROQ8ovAQ2FSagLojw0dipiH8UDJmyM8Wu+wqdOoz5EWy
Yd3kbp10O2tdaaq5cwhN4X6YKyUpWKaYBV71cCSjDenGXZslMngSld2vpbj3JYj7TbZZ/9d0syPt
T8WTMrfZufReae4ao+QtsxWBtWOwPZa1ulFynPNUckTbWunonC/gBqlQttPZ5AE50TkissUmaFPw
tw9j1CtqK1HFHsd5LXj7IKO08QbaEwFWigcYL3UX5OzIhWyXSOvryZak0Ae1SbzaYraCqhNwWxUg
MQLOEKQaMfoVwCt+tUCRMBosY/I+jFd8BXfMOidDh5osLaMKTMvTCla/+Iggo0P8KIMqajARt+sA
txfsjmAmWbltY0gyoMZZ5qWd0681R8izoyRfDlDdOu8RLvlfw/aLQMQdK/qOZpEQI/RqTeUwlg/l
X8cWn+R3pIo5nBHONI8Qnmuiwn8Bz8UTar6glG6QbFLk8MR89NFDGs0smhRti5WJt2P52Z1vVYNi
5pQ=
=kSGL
-----END PGP SIGNATURE-----




Attachment: None (type=text/plain)
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds