Debian LTS: DLA-1953-1: clamav security update

    Date: 10 Oct 2019
    Category: Debian LTS
    Posted By: LinuxSecurity Advisories
    
    Package        : clamav
    Version        : 0.101.4+dfsg-0+deb8u1
    CVE ID         : CVE-2019-12625 CVE-2019-12900
    Debian Bug     : 34359
    
    It was discovered that clamav, the open source antivirus engine, is affected by
    the following security vulnerabilities:
    
    CVE-2019-12625
    
        Denial of Service (DoS) vulnerability, resulting from excessively long scan
        times caused by non-recursive zip bombs. Among others, this issue was
        mitigated by introducing a scan time limit.
    
    CVE-2019-12900
    
        Out-of-bounds write in ClamAV's NSIS bzip2 library when attempting
        decompression in cases where the number of selectors exceeded the max limit
        set by the library.
    
    This update triggers a transition from libclamav7 to libclamav9. As a result,
    several other packages will be recompiled against the fixed package after the
    release of this update: dansguardian, havp, python-pyclamav, c-icap-modules.
    
    For Debian 8 "Jessie", these problems have been fixed in version
    0.101.4+dfsg-0+deb8u1.
    
    We recommend that you upgrade your clamav packages.
    
    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS
    