[USN-3814-3] ClamAV vulnerabilities

protocol=”application/pgp-signature”; boundary=”=-7XOT/2/FieCLgMDJzwMn”

–=-7XOT/2/FieCLgMDJzwMn

Content-Transfer-Encoding: quoted-printable

=
=

Ubuntu Security Notice USN-3814-3
November 13, 2018

clamav vulnerabilities
=
=

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in ClamAV.

Software Description:
– clamav: Anti-virus utility for Unix

Details:

USN-3814-2 fixed several vulnerabilities in clamav. This update
provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

=C2=A0It was discovered ClamAV incorrectly handled certain malformed CAB
=C2=A0files. A remote attacker could use this issue to cause ClamAV to
=C2=A0crash, resulting in a denial of service. (CVE-2018-18584,CVE-2018-
18585)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
=C2=A0 clamav=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A00.100.2+dfsg-1ubuntu0.12.04.2

In general, a standard system update will make all the necessary
changes.

References:
=C2=A0 https://usn.ubuntu.com/usn/usn-3814-3
=C2=A0 https://usn.ubuntu.com/usn/usn-3814-1
=C2=A0 CVE-2018-18584, CVE-2018-18585
–=-7XOT/2/FieCLgMDJzwMn

Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJb6rp3AAoJEEW851uECx9pbSoP/3ctZucu4hXdXDsj6OBg2SMm
dul/t+qf4pTxext9eWvLewiTxmCUnp9+8Q97w3mK3cnp+9/MG3/KlwUpvkx+8fO3
nZzi8GJwOW8VOTvA6H6CB6aZAcgG8suua9RZpXmTP+ur5RLi/3w1mkJc4/cXxGuA
Y1850T5jKgd/X3vL/AHepL1s1V9r7Y0CHOqlIShMbRtXTrBX34V/RPOTYuF8+Gix
WQ3Kb9I43DVVAaLXU1jI0iJzGlpzYIcZnTCv+SLMNCcrQ6H7NshzUAdez0KgbHfF
jNuCxnEoRQdVz9M58Z9aRagULEKwlJYHTFrp9737eIhfAavjYLQYCnxIB28sg7yA
XQVlL4IaSa1bulaZHcdWWYMO5bqhyeKPXH9EUkET5cZfDaKzVrar5O8smI3SRL6N
TiK8v8YtAu8k69rT1P0Lh3/bpeY0jr2f/5C9IIAo+wniEp9q/TbWP5gkkpcVcbfd
Jrd0Uk8+sRqjDYhY8ehfyalKbXiyENh3Dh5B/ZSBNEiiKoSy+4ByQ3eSoX2Bu4SC
b5qTzjNX84eii1SVmAtBI+T9iWNDWG8Hwbxibi7txjA3/WJa17fXBnrSluaQo8rv
A3mkxBpnUM0gU5UlR7mX7mLcXJufMM0/H5KzokFoBf3SgFBGzM8f1jiDgwVgZbXE
rtU7vsEhR+QQqFwzXrvJ
=KhEM
—–END PGP SIGNATURE—–

–=-7XOT/2/FieCLgMDJzwMn–

MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK