==========================================================================
Ubuntu Security Notice USN-4280-1
February 18, 2020
clamav vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 19.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
Summary:
ClamAV could be made to crash if it opened a specially crafted file.
Software Description:
– clamav: Anti-virus utility for Unix
Details:
It was discovered that ClamAV incorrectly handled memory when the
Data-Loss-Prevention (DLP) feature was enabled. A remote attacker could
possibly use this issue to cause ClamAV to crash, resulting in a denial of
service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.10:
clamav 0.102.2+dfsg-0ubuntu0.19.10.1
Ubuntu 18.04 LTS:
clamav 0.102.2+dfsg-0ubuntu0.18.04.1
Ubuntu 16.04 LTS:
clamav 0.102.2+dfsg-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
References:
https://usn.ubuntu.com/4280-1
CVE-2020-3123
Package Information:
https://launchpad.net/ubuntu/+source/clamav/0.102.2+dfsg-0ubuntu0.19.10.1
https://launchpad.net/ubuntu/+source/clamav/0.102.2+dfsg-0ubuntu0.18.04.1
https://launchpad.net/ubuntu/+source/clamav/0.102.2+dfsg-0ubuntu0.16.04.1
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl5L7mcACgkQZWnYVadE
vpMi0BAAqJT9j5KwWsNdYnfwuMoPJD5yNvUXg4KF5qg8j06CYAttAYFnBLT57f/7
rwkS3qn4Nuc9AyYkdZOb8V/5wGg5/0oi29tw03Icok5eSJw+SMjjRyYjkkiF48jC
UNBKtASIDmRmnC7b8mJDzL4EmW+WJaaX6YUDXNuHnHvEELp8KkHJh8zaCc+V7v4/
WIPfa6XCdPscEE4EVr4en16z/Nqh12pmkSRK51agdFEupvDabj3YpMcEngNQKLsi
6r3zPg9AMW289c6Ncxs4MS7X1Y9HqbtTvDOwrMEYwi2/WKyb4+73i4cpIBi7aDib
ci/O4eMfJNMhFZx+91pNMVnqqdGv20lxDTKSb90A8kWFqIhzOgDjNK75lPc1T9dK
Od/U81dm3BS0Ejzv1stXpuTEvCYPeVoVdHgxuT2dlZDlvnPBv5apBilR7yvtCipt
dSyCDOpFein0sEQK/Cfl+mi+wVqqfPa4xacobz3WErkoPe4VPBFfxaGIBEWiIv90
fD1JOgozeCATJQ8vT/edx1VuoJVPQLtNUP2Ut+yQbICWNhR5BjkELY121/5gHQgq
BJkkdv6mPreyyBMx0z96n8PV/vVat7C74pntmFBqweWb4ZCKTZCe51oKtka/Kgoh
5KX8am7ELJ9hotdKm+OZW0gfANZkCSjfQ5lGQE+moEXqfefWZuo=
=+JOr
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-4280-2
February 18, 2020
clamav vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 ESM
– Ubuntu 12.04 ESM
Summary:
ClamAV could be made to crash if it opened a specially crafted file.
Software Description:
– clamav: Anti-virus utility for Unix
Details:
USN-4280-1 fixed a vulnerability in ClamAV. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that ClamAV incorrectly handled memory when the
Data-Loss-Prevention (DLP) feature was enabled. A remote attacker could
possibly use this issue to cause ClamAV to crash, resulting in a denial of
service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 ESM:
clamav 0.102.2+dfsg-0ubuntu0.14.04.1+esm1
Ubuntu 12.04 ESM:
clamav 0.102.2+dfsg-0ubuntu0.12.04.1
This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
References:
https://usn.ubuntu.com/4280-2
https://usn.ubuntu.com/4280-1
CVE-2020-3123
—–BEGIN PGP SIGNATURE—–
iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl5MChYACgkQRbznW4QL
H2msjw/9HN2cHbWFytCW+vbz3R1F3TmcT4T9WTFDcj+4mMEVv52NTQtiPonDJKVq
Y8ydzg4SLJJoBBm3COMq8/S23aRXEVg+/x7GGNLMlGZu/a6JG24EItWhyA93zVv1
Uvywh/Fr/DbJ72kTMWhsZwwphvPHNOVLr8W92Z7FLw4l5clbUy5HAMFJMpcd3LnZ
XxRa6ijUwlQYN5pJFaicNTr0L0wkWerLIrxJx8k4F8NwYIp5vS0bZiyYr0pth3em
PxWrtsjPMtWXZ0VoBxfRpYADsNfhDnlp+WyU42Ikhy/2N7mLG41qetNNUoMZ5tN/
ekolM0mJn9lp4nDdt3CIQWwxyi6WavegEWzp+/toJFlTwOrQVv50mCMZbXfzN3aj
Pcwf8yFbV1RfVvDPwUiMHsJ/UIWSfsKh946XUOhHaB59Ji0c/WmklgZTc3oKi+NG
5Gog6nNwkfoTF4aFf1DVk96bToamCKFrS86LaZxgYorMRiTkdjcMXoctiCJiCOrL
FXiE3c0LxdKMl+FLdipWXFlrppHiPVnWFY+PFXaIY8IGGcgZsb5ER5mlHC0noQvm
+wrc5Fv29XhIAzCGeBRxDIH1//ooMWOyPqQHY2Bf7t0puygV2iGUqhAeazy3MPDa
sn1PRZ1CodUs01HcaOEIFBvxocr1KtXo3srcVf/ukj533kCO/3k=
=Dl0N
—–END PGP SIGNATURE—–
—