Ubuntu Security Notice 6636-1 - It was discovered that ClamAV incorrectly handled parsing certain OLE2 files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Amit Schendel discovered that the ClamAV ClamD service incorrectly handled the VirusEvent feature. An attacker able to connect to ClamD could possibly use this issue to execute arbitrary code.
4233521b1bfeb5ef13d5d7a96d44be5ec9fab356eb2b34b1c3a131adc45c3065==========================================================================
Ubuntu Security Notice USN-6636-1
February 14, 2024
clamav vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
Summary:
Several security issues were fixed in ClamAV.
Software Description:
- clamav: Anti-virus utility for Unix
Details:
It was discovered that ClamAV incorrectly handled parsing certain OLE2
files. A remote attacker could possibly use this issue to cause ClamAV to
crash, resulting in a denial of service. (CVE-2024-20290)
Amit Schendel discovered that the ClamAV ClamD service incorrectly handled
the VirusEvent feature. An attacker able to connect to ClamD could possibly
use this issue to execute arbitrary code. (CVE-2024-20328)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.10:
clamav 1.0.5+dfsg-0ubuntu0.23.10.1
This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.
References:
https://ubuntu.com/security/notices/USN-6636-1
CVE-2024-20290, CVE-2024-20328
Package Information:
https://launchpad.net/ubuntu/+source/clamav/1.0.5+dfsg-0ubuntu0.23.10.1
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed