Monday, February 2, 2015

USN-2488-1: ClamAV vulnerability

Ubuntu Security Notice USN-2488-1


2nd February, 2015


clamav vulnerability


A security issue affects these releases of Ubuntu and its derivatives:



  • Ubuntu 14.10

  • Ubuntu 14.04 LTS

  • Ubuntu 12.04 LTS


Summary


ClamAV could be made to crash or run programs if it processed a specially crafted file.


Software description



  • clamav - Anti-virus utility for Unix


Details


Sebastian Andrzej Siewior discovered that ClamAV incorrectly handled

certain upack packer files. An attacker could possibly use this issue to

cause ClamAV to crash, resulting in a denial of service, or possibly

execute arbitrary code.


Update instructions


The problem can be corrected by updating your system to the following package version:



Ubuntu 14.10:

clamav 0.98.6+dfsg-0ubuntu0.14.10.1

Ubuntu 14.04 LTS:

clamav 0.98.6+dfsg-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:

clamav 0.98.6+dfsg-0ubuntu0.12.04.1


To update your system, please follow these instructions: http://bit.ly/1aJDvTw.


This update uses a new upstream release, which includes additional bug

fixes. In general, a standard system update will make all the necessary

changes.


References


CVE-2014-9328






from Ubuntu Security Notices http://bit.ly/1D6qHXO
Posted by at

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)