Content-Disposition: inline ============================================================================ Ubuntu Security Notice USN-1482-3 August 16, 2012 clamav regression ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 Summary: USN-1482-1 introduced a regression in ClamAV that could cause it to fail to scan certain documents. Software Description: - clamav: Anti-virus utility for Unix Details: USN-1482-1 fixed vulnerabilities in ClamAV. The updated package could fail to properly scan files in some situations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that ClamAV incorrectly handled certain malformed TAR archives. A remote attacker could create a specially-crafted TAR file containing malware that could escape being detected. (CVE-2012-1457, CVE-2012-1459) It was discovered that ClamAV incorrectly handled certain malformed CHM files. A remote attacker could create a specially-crafted CHM file containing malware that could escape being detected. (CVE-2012-1458) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: clamav 0.97.5+dfsg-1ubuntu0.12.04.3 libclamav6 0.97.5+dfsg-1ubuntu0.12.04.3 Ubuntu 11.10: clamav 0.97.5+dfsg-1ubuntu0.11.10.3 libclamav6 0.97.5+dfsg-1ubuntu0.11.10.3 Ubuntu 11.04: clamav 0.97.5+dfsg-1ubuntu0.11.04.3 libclamav6 0.97.5+dfsg-1ubuntu0.11.04.3 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1482-3 http://www.ubuntu.com/usn/usn-1482-1 https://launchpad.net/bugs/1015405 Package Information: https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.3 https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.3 https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.3