– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Gentoo Linux Security Advisory GLSA 201804-16
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
https://security.gentoo.org/
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Severity: Normal
Title: ClamAV: Multiple vulnerabilities
Date: April 22, 2018
Bugs: #623534, #625632, #628686, #628690, #649314
ID: 201804-16

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Synopsis
========

Multiple vulnerabilities have been found in ClamAV, the worst of which
may allow remote attackers to execute arbitrary code.

Background
==========

ClamAV is a GPL virus scanner.

Affected packages
=================

——————————————————————-
Package / Vulnerable / Unaffected
——————————————————————-
1 app-antivirus/clamav < 0.99.4 >= 0.99.4

Description
===========

Multiple vulnerabilities have been discovered in ClamAV. Please review
the CVE identifiers referenced below for details.

Impact
======

A remote attacker, through multiple vectors, could execute arbitrary
code, cause a Denial of Service condition, or have other unspecified
impacts.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ClamAV users should upgrade to the latest version:

# emerge –sync
# emerge –ask –oneshot –verbose “>=app-antivirus/clamav-0.99.4”

References
==========

[ 1 ] CVE-2012-6706
https://nvd.nist.gov/vuln/detail/CVE-2012-6706
[ 2 ] CVE-2017-11423
https://nvd.nist.gov/vuln/detail/CVE-2017-11423
[ 3 ] CVE-2017-6418
https://nvd.nist.gov/vuln/detail/CVE-2017-6418
[ 4 ] CVE-2017-6419
https://nvd.nist.gov/vuln/detail/CVE-2017-6419
[ 5 ] CVE-2017-6420
https://nvd.nist.gov/vuln/detail/CVE-2017-6420
[ 6 ] CVE-2018-0202
https://nvd.nist.gov/vuln/detail/CVE-2018-0202
[ 7 ] CVE-2018-1000085
https://nvd.nist.gov/vuln/detail/CVE-2018-1000085

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201804-16

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons – Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
—–BEGIN PGP SIGNATURE—–

iQEzBAEBCAAdFiEEiDRK3jyVBE/RkymqpRQw84X1dt0FAlrdDc4ACgkQpRQw84X1
dt3wwgf+NOVZz1rJ/bE7fXVBffJ1RWD1mvWyeaLmIXxpPM5qlM/YsXj7j9WCrK12
BTjqGtHD7f35bY7/dWiYQbtjLEfI9y6ZNm1W8KlwijipChQNAZveVwVrckLIuxdQ
XgehE7JcuwFQVCzfzyXhV+NjPX/g8BT/B4M6xlcHhO5jkgX3FvBdZDP2B8J2pYYx
waKMptjyE0rEh6R1C1yp/Z7fkVkFePn062TOqS4A1ehNzyY22n0Fptgk+w99ytbC
5KGDZlpRDGAeyDc4cQuk6qt8p9lIE1A8t3kyMWBK41xXG7HWCBty+ynkHFhaN8n8
4l0sPoe1tC+7u2qkR37WXmI3c+Kyww==
=u/h0
—–END PGP SIGNATURE—–