Ubuntu Security Notice 2423-1 - Kurt Seifried discovered that ClamAV incorrectly handled certain JavaScript files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. Damien Millescamp discovered that ClamAV incorrectly handled certain PE files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
d6092dd8150ce52077c247cd9ef37e9c7460b34082e92cd732c24dd6bdcedf14
==========================================================================
Ubuntu Security Notice USN-2423-1
November 26, 2014
clamav vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
ClamAV could be made to crash or run programs if it processed a specially
crafted file.
Software Description:
- clamav: Anti-virus utility for Unix
Details:
Kurt Seifried discovered that ClamAV incorrectly handled certain JavaScript
files. An attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2013-6497)
Damien Millescamp discovered that ClamAV incorrectly handled certain PE
files. An attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2014-9050)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.10:
clamav 0.98.5+dfsg-0ubuntu0.14.10.1
Ubuntu 14.04 LTS:
clamav 0.98.5+addedllvm-0ubuntu0.14.04.1
Ubuntu 12.04 LTS:
clamav 0.98.5+addedllvm-0ubuntu0.12.04.1
This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.
References:
http://www.ubuntu.com/usn/usn-2423-1
CVE-2013-6497, CVE-2014-9050
Package Information:
https://launchpad.net/ubuntu/+source/clamav/0.98.5+dfsg-0ubuntu0.14.10.1
https://launchpad.net/ubuntu/+source/clamav/0.98.5+addedllvm-0ubuntu0.14.04.1
https://launchpad.net/ubuntu/+source/clamav/0.98.5+addedllvm-0ubuntu0.12.04.1