You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa clamav

Sigurnosni nedostaci programskog paketa clamav

==========================================================================
Ubuntu Security Notice USN-3728-2
August 01, 2018

clamav vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in ClamAV.

Software Description:
– clamav: Anti-virus utility for Unix

Details:

USN-3728-1 fixed several vulnerabilities in libmspack. In Ubuntu 14.04
libmspack is included into ClamAV. This update provides the
corresponding update for Ubuntu 14.04 LTS.

Original advisory details:

Hanno Böck discovered that libmspack incorrectly handled certain CHM
files. An attacker could possibly use this issue to cause a denial of
service. (CVE-2018-14679, CVE-2018-14680)

Jakub Wilk discovered that libmspack incorrectly handled certain KWAJ
files. An attacker could possibly use this issue to execute arbitrary
code. (CVE-2018-14681)

Dmitry Glavatskikh discovered that libmspack incorrectly certain CHM
files. An attacker could possibly use this issue to execute arbitrary
code. (CVE-2018-14682)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
clamav                          0.100.1+dfsg-1ubuntu0.14.04.3

In general, a standard system update will make all the necessary
changes.

References:
https://usn.ubuntu.com/usn/usn-3728-2
https://usn.ubuntu.com/usn/usn-3728-1
CVE-2018-14679, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682

Package Information:
https://launchpad.net/ubuntu/+source/clamav/0.100.1+dfsg-1ubuntu0.14.
04.3—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJbYwxAAAoJEEW851uECx9puK4P/04kkUuj81GEZ44E3RL5kqG4
kJINF6lcb2Rij9jOt2Xw+EoauNa8YxMeIx1yr/SnPid6FTD79ngXUUQ9NjX5rRFI
r/RkOp/2U5NGS3KiwVVDZm4IZTXO38VeDGhBZsqSoiG6kHji0EGg8DLQTlFq8Mmv
dS3II2MTVSQj3xGxMUnrhRJfHRkUkJsLRfRGTXVNnuLyCGdGkaGkL6n0C7YzmvBF
+IedNI6d90YgcfFcbrBNT3HOuQuKxBIuW5yWKhVQKNX4RVdYnwh9UcuFWFMTvG86
KVW/fP0S8z3BQ6CZj3wHXdcRA7ELFbdoUTbbgQhOO3+vDOnNMZmFAaDGJP305Q+7
v9Am5CCtvAQx0fM9l8M71Au1wxlbF1gjCJtMzaKIf5/Iu5fOGL/yhImLLx+RZJ5G
yNv3tnjzCPNdJxoh9yYz+iczc5p+XWPfe/Ni3Bc4lV1xqgE39xY1aVfbczYpbd6l
zRDeHXp+WPZbOzdPIZCix646Q+XZcue5tgJf21lNsd2Wg0Oj62jsAdWnE9SwJnxU
fHKkxIYUTU1ZsFH5hyJlWxp+OhDwvS1E+QgX+HaQGE90r20LOUwOZGdbhALqt7ik
kWlSOLvXD2ktsM3Y9gpufgbcGjuoxunlvEhOsPPPqK59DbyELOmFCkzFj09twpjB
G0Dj7Pz2+2IoIUyPWqWo
=FkDm
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-3728-3
August 02, 2018

clamav vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in ClamAV.

Software Description:
– clamav: Anti-virus utility for Unix

Details:

USN-3728-2 fixed several vulnerabilities in ClamAV. This update
provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

Hanno Böck discovered that libmspack incorrectly handled certain CHM
files. An attacker could possibly use this issue to cause a denial of
service. (CVE-2018-14679, CVE-2018-14680)

Jakub Wilk discovered that libmspack incorrectly handled certain KWAJ
files. An attacker could possibly use this issue to execute arbitrary
code. (CVE-2018-14681)

Dmitry Glavatskikh discovered that libmspack incorrectly certain CHM
files. An attacker could possibly use this issue to execute arbitrary
code. (CVE-2018-14682)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
clamav                          0.100.1+dfsg-1ubuntu0.12.04.3

In general, a standard system update will make all the necessary
changes.

References:
https://usn.ubuntu.com/usn/usn-3728-3
https://usn.ubuntu.com/usn/usn-3728-1
CVE-2018-14679, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJbYxUcAAoJEEW851uECx9pUDUP/A1PpcwYAmuUSRpFtY5zATew
2ev1Iik0AXkvTypBUvWsiD30PORZwY/XZJ5wr4K2V6XcLs+pSqv3K1NDjhFgMmEi
jsYJGSk819Fsv145f4Am51qK56rtft80rCV0aoos4PlNylVnRl905EyPaWeLHgxW
QCdf8L4/HfkvdC2Txo1pPpsyB1bu+0oKvLuqjH4sR0Q/+JUZOqBye2ASPdS11tOC
2QL7CfnfhxSPj8f+M2W4KF58/U4jPQagmNd1Qm9nD6UaejtfgLUhE/v6fhahx9E4
tbw+S7lvS5O3J3W1Xf83FCAkevChXib53BHDX8RS5f7BkM8UY9447if/YvXxgFKV
Zef/AJjC7AbPZPv2YcLrxekpKJRMheopLdhfiBZBZykjtxWrCkzuLTdP6fbRy7kq
y5sPv8JMG69e1tng2lnD25lpajmG8RiXB0g/TSeYljK0Z4WIAISNqRUNU/2Idjt4
PhUAFfohEEo68Zurb9tuRmyVvtgloJ4dj5hXaNwu/izq3PYA/pEC6ZqwuolH3n/9
zYBRmjYth4zkzjXptDldY7zhAUgS+2ZzBM15KI2001KcNww5wHmjZM/QozqHB8ke
ZH0BOhEQVP/NQ8OqSn2ePOBbtUNITf5aB1Pbye+3i4b9d6oAT/yPYqEnOq/uRgk7
DYeiQfKAcWcB8e4ctBWA
=Tk25
—–END PGP SIGNATURE—–

Top
More in Preporuke
Ranjivost Cisco Prime Collaboration Provisioning aplikacije

Otkrivena je ranjivost kod funkcije izmjene zaporke Cisco Prime Collaboration Provisioning aplikacije. Ranjivost je uzrokovana nedostatnom provjerom zahtjeva za izmjenu...

Close