==========================================================================
Ubuntu Security Notice USN-4146-1
October 02, 2019
clamav vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 19.04
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in ClamAV.
Software Description:
– clamav: Anti-virus utility for Unix
Details:
It was discovered that ClamAV incorrectly handled unpacking ZIP files. A
remote attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service. (CVE-2019-12625)
It was discovered that ClamAV incorrectly handled unpacking bzip2 files. A
remote attacker could use this issue to cause ClamAV to crash, resulting in
a denial of service, or possibly execute arbitrary code. (CVE-2019-12900)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
clamav 0.101.4+dfsg-0ubuntu0.19.04.1
Ubuntu 18.04 LTS:
clamav 0.101.4+dfsg-0ubuntu0.18.04.1
Ubuntu 16.04 LTS:
clamav 0.101.4+dfsg-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.
References:
https://usn.ubuntu.com/4146-1
CVE-2019-12625, CVE-2019-12900
Package Information:
https://launchpad.net/ubuntu/+source/clamav/0.101.4+dfsg-0ubuntu0.19.04.1
https://launchpad.net/ubuntu/+source/clamav/0.101.4+dfsg-0ubuntu0.18.04.1
https://launchpad.net/ubuntu/+source/clamav/0.101.4+dfsg-0ubuntu0.16.04.1
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl2UkSYACgkQZWnYVadE
vpN/WxAAsEXTRjwh5TEjiiQP5BuuszKCzHgLBFRjeOWLzBL2VUt3ZPGQoTMwOhDj
KrF3b/AAkkEVnkJ1U6yv8fUgrE5jVv2lXrbHmVAFqIrtQ2cDYOFePfRNg4hgN4C1
ZtY1Zt5F8oTVBqa94/KYoJtnG86zAQg22hiizqzwwicgt+aigeZuhsZ0duW3v16K
Er4P0edB94s7BXTuTh8h+QUJ49lgnmDEhndsszysfLnWU0VG+4yl4ZSoTLK+dCyS
9WoElbgswAkiSIEiiyLYyIPwc69TXXZ8l3VLkWnVVoaJzsNUGtfNyX7h0QXTC9+N
PmWvn3k0xM5bloJxkKfO8DU+w5n1deCYBTuKQNTvEe2jC1rFD3L3bs4B5MuJVn3Y
C8LhCqkdv8W4A03TB9i/OGuzD8lv7gleIDNDhNX97chxqCsTM47SujhGtD4QzmRU
vkiMhSF2XzmhEjt3oZN6EZcSOfTb7is6cy2RcvnIyqmY/4XQd/wMO4vuVh+LZsQZ
dd29a8eg1X0teleD/E1FOTBWSd1S7A/s3s/+01mWPsCPE+fHudsgYmoFJTn7nGe1
T1t2+Xmal/qWj1O5hLwCjaoUtK9xru04fKaJ3Rdk8Tff2rjmLT0XlQroi1BY0TX1
N7QvJOU3QUaHFJu1wGLJDHi9+DWD0ZhlHLUDdza7AXETtkU8X+s=
=8Y6i
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-4146-2
October 03, 2019
clamav vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 ESM
– Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in ClamAV.
Software Description:
– clamav: Anti-virus utility for Unix
Details:
USN-4146-1 fixed several vulnerabilities in ClamAV. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that ClamAV incorrectly handled unpacking ZIP files. A
remote attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service. (CVE-2019-12625)
It was discovered that ClamAV incorrectly handled unpacking bzip2 files. A
remote attacker could use this issue to cause ClamAV to crash, resulting in
a denial of service, or possibly execute arbitrary code. (CVE-2019-12900)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 ESM:
clamav 0.101.4+dfsg-0ubuntu0.14.04.1+esm1
Ubuntu 12.04 ESM:
clamav 0.101.4+dfsg-0ubuntu0.12.04.1
This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.
References:
https://usn.ubuntu.com/4146-2
https://usn.ubuntu.com/4146-1
CVE-2019-12625, CVE-2019-12900
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBAgAGBQJdlgtDAAoJEEW851uECx9po5EP/01zGdxalX0E4K/+8VVYK6ZX
mRrnCRxmUgxcE0B2bdkzaoVxnfUGL9gAkJUK6B/Ara2B8a0N6vRV9ZJz+93uJjEd
Ovp4K5j/+Rkrc1kGYcpjwi6xss+kt2JijI+JmaT69wkkrjl9lsMt8ucB0nPIhXSP
toFXUm+c9oVRRvvg0q3M8jxyw4JitEptNbvPaeK/KB3mo8A9PElZEKWlbAI/faAK
SCoa4ZOZowevqJ4ctq0xZMwztlMZDDSOJmBvYIqdcCLy2vnx2eqHTRM2I4lasKbM
hW6YZ0TiP9J/jUDX7TcG4iQV6IqLWCOHIDR/SJbE5Emm+REQIP7fgHCB6A3YAapu
eUod1kJhfz80yon6jHcndEsC5JvPV9ulTc2ePLPsE8CBxHcYHmr1dgC6PVI0V8FP
1n3hj7vfK3cGbJiVUBLNw2QuxEtYNlPNuxV8XKkZ/pE/i6tMO4vysDA/QoZ9c/TF
HcEIWXiNPYMJtLq5i6FYr55MDV/ZGUesNFwLWUE1FS74NbfiR6MX6qxfSIez/lsn
sHN1PKTk/zNXTsGH75NcP9t8Eq/EVDGvJ9IN48AdKmfYHkuBDM7oayY9FHIATHRp
U/UFPRh0KJFftpGrdHPWKOO/7a2u1Oi5IJ1i2OkKu/oIX7KVzO4/yOfq/nIyE3Lv
izgZ6EbrvfzoyQjJH+rJ
=qdK9
—–END PGP SIGNATURE—–
—