[USN-3393-2] ClamAV vulnerabilities
Leonidas S. Barbosa
leo.barbosa at canonical.com
Thu Aug 17 19:30:45 UTC 2017
Ubuntu Security Notice USN-3393-2
August 17, 2017
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Several security issues were fixed in ClamAV.
- clamav: Anti-virus utility for Unix
USN-3393-1 fixed several vulnerabilities in ClamAV. This update
provides the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
It was discovered that ClamAV incorrectly handled parsing certain
e- mail messages. A remote attacker could possibly use this issue to
cause ClamAV to crash, resulting in a denial of service.
It was discovered that ClamAV incorrectly handled certain malformed
CHM files. A remote attacker could use this issue to cause ClamAV to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 14.04 LTS. In the default
installation, attackers would be isolated by the ClamAV AppArmor
It was discovered that ClamAV incorrectly handled parsing certain PE
files with WWPack compression. A remote attacker could possibly use
this issue to cause ClamAV to crash, resulting in a denial of service.
The problem can be corrected by updating your system to the following
Ubuntu 12.04 ESM:
In general, a standard system update will make all the necessary
CVE-2017-6418, CVE-2017-6419, CVE-2017-6420
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: This is a digitally signed message part
More information about the ubuntu-security-announce