Ubuntu 1031-1: ClamAV vulnerabilities

    Date09 Dec 2010
    CategoryUbuntu
    51
    Posted ByLinuxSecurity Advisories
    Arkadiusz Miskiewicz and others discovered that the PDF processingcode in libclamav improperly validated input. This could allow aremote attacker to craft a PDF document that could crash clamav orpossibly execute arbitrary code. (CVE-2010-4260, CVE-2010-4479) [More...]
    ===========================================================
    Ubuntu Security Notice USN-1031-1         December 10, 2010
    clamav vulnerabilities
    CVE-2010-4260, CVE-2010-4261, CVE-2010-4479
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 10.04 LTS
    Ubuntu 10.10
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 10.04 LTS:
      libclamav6                      0.96.3+dfsg-2ubuntu1.0.10.04.2
    
    Ubuntu 10.10:
      libclamav6                      0.96.3+dfsg-2ubuntu1.2
    
    In general, a standard system update will make all the necessary changes.
    
    Details follow:
    
    Arkadiusz Miskiewicz and others discovered that the PDF processing
    code in libclamav improperly validated input. This could allow a
    remote attacker to craft a PDF document that could crash clamav or
    possibly execute arbitrary code. (CVE-2010-4260, CVE-2010-4479)
    
    It was discovered that an off-by-one error in the icon_cb function
    in pe_icons.c in libclamav could allow an attacker to corrupt
    memory, causing clamav to crash or possibly execute arbitrary code.
    (CVE-2010-4261)
    
    In the default installation, attackers would be isolated by the
    clamav AppArmor profile.
    
    
    Updated packages for Ubuntu 10.04 LTS:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.0.10.04.2.diff.gz
          Size/MD5:   284066 72a7c4ff80f395c5dc8e4e7acd6fcd39
        http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.0.10.04.2.dsc
          Size/MD5:     2323 d1d47147356bfaf610c993b8a9ed0530
        http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.96.3+dfsg.orig.tar.gz
          Size/MD5: 40572329 730c1af9badcee2bce4bbaf1cf8ea20a
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-base_0.96.3+dfsg-2ubuntu1.0.10.04.2_all.deb
          Size/MD5:   297088 745b7132479daa4dbdc5ca6cc023e0b2
        http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-docs_0.96.3+dfsg-2ubuntu1.0.10.04.2_all.deb
          Size/MD5:  1295426 b03dae836f5cdf461c3a5f6a98a7363f
        http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-testfiles_0.96.3+dfsg-2ubuntu1.0.10.04.2_all.deb
          Size/MD5:  5257088 aa5604ebd0f1e4646ce5d9e056513d11
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-daemon_0.96.3+dfsg-2ubuntu1.0.10.04.2_amd64.deb
          Size/MD5:   424096 28c2f45042aafbf487e59ce679327bb3
        http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-dbg_0.96.3+dfsg-2ubuntu1.0.10.04.2_amd64.deb
          Size/MD5: 22343058 abe9dff9f24f9f9b6b9f9faf5be2936b
        http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-freshclam_0.96.3+dfsg-2ubuntu1.0.10.04.2_amd64.deb
          Size/MD5:   313300 e88ecbee6c0f900b5854b2c1ca9b0771
        http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.0.10.04.2_amd64.deb
          Size/MD5:   335490 6d0081c84e0f46ee73bbf452309c03a3
        http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav-dev_0.96.3+dfsg-2ubuntu1.0.10.04.2_amd64.deb
          Size/MD5:   217914 11b54c1f926069a93149ce28b7cf5325
        http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav6_0.96.3+dfsg-2ubuntu1.0.10.04.2_amd64.deb
          Size/MD5:  3898290 0bd7e669232378b4b83a8bfdd0c8d716
        http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-milter_0.96.3+dfsg-2ubuntu1.0.10.04.2_amd64.deb
          Size/MD5:   345108 843a766d2909777cc88ccbf03468a6fa
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-daemon_0.96.3+dfsg-2ubuntu1.0.10.04.2_i386.deb
          Size/MD5:   410854 416f5d73612e5d37fbb904bb80dffb49
        http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-dbg_0.96.3+dfsg-2ubuntu1.0.10.04.2_i386.deb
          Size/MD5: 22043342 aa53f5f25b3a28b22315e17544bd7a6d
        http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-freshclam_0.96.3+dfsg-2ubuntu1.0.10.04.2_i386.deb
          Size/MD5:   308344 d090653db3483820420e465513b7d858
        http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.0.10.04.2_i386.deb
          Size/MD5:   327348 4cdcc06e3cfb9c241c7d6f560963116b
        http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav-dev_0.96.3+dfsg-2ubuntu1.0.10.04.2_i386.deb
          Size/MD5:   218084 752cc79037d5f08df096c528bc7eb8b6
        http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav6_0.96.3+dfsg-2ubuntu1.0.10.04.2_i386.deb
          Size/MD5:  3751526 c6dc2280d050c37f1f82ce62ba612cac
        http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-milter_0.96.3+dfsg-2ubuntu1.0.10.04.2_i386.deb
          Size/MD5:   338432 7156843fc6e5b7087d1fba58177ee81f
    
      armel architecture (ARM Architecture):
    
        http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.96.3+dfsg-2ubuntu1.0.10.04.2_armel.deb
          Size/MD5:   406882 b19ca9fc2963a4fe76940587ca7f8442
        http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.96.3+dfsg-2ubuntu1.0.10.04.2_armel.deb
          Size/MD5:  1495938 235245876f8a1fd659ad3696e0b8cff0
        http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.96.3+dfsg-2ubuntu1.0.10.04.2_armel.deb
          Size/MD5:   309068 4901391a555ca3b99facd67598e3ef63
        http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.0.10.04.2_armel.deb
          Size/MD5:   325884 8a8c68c7bef2a417c05140649aabb9e7
        http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.96.3+dfsg-2ubuntu1.0.10.04.2_armel.deb
          Size/MD5:   217988 af08d9ccb28d785bd3067cee79f2d342
        http://ports.ubuntu.com/pool/main/c/clamav/libclamav6_0.96.3+dfsg-2ubuntu1.0.10.04.2_armel.deb
          Size/MD5:   692904 0a11d55c4b11b7c4b6fde5b7ae283f96
        http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.96.3+dfsg-2ubuntu1.0.10.04.2_armel.deb
          Size/MD5:   338696 3956ef9d6b6a60777ac474f39594f5b7
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.96.3+dfsg-2ubuntu1.0.10.04.2_powerpc.deb
          Size/MD5:   424978 52b56412f9313f830a49e6730f7bb4f1
        http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.96.3+dfsg-2ubuntu1.0.10.04.2_powerpc.deb
          Size/MD5: 21946304 dadb3d6e3edd3d878c23043e0b3584d8
        http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.96.3+dfsg-2ubuntu1.0.10.04.2_powerpc.deb
          Size/MD5:   312588 525bf79e6f80fa681de6e53a177fe4c8
        http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.0.10.04.2_powerpc.deb
          Size/MD5:   332978 b5e3e48ab070066931c15f0f9843b71c
        http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.96.3+dfsg-2ubuntu1.0.10.04.2_powerpc.deb
          Size/MD5:   217914 7dd955a186cb8879aa479dd624b9f83a
        http://ports.ubuntu.com/pool/main/c/clamav/libclamav6_0.96.3+dfsg-2ubuntu1.0.10.04.2_powerpc.deb
          Size/MD5:  3694500 19f57c2f9c3330de8403f95ed26bd89a
        http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.96.3+dfsg-2ubuntu1.0.10.04.2_powerpc.deb
          Size/MD5:   346032 4dcf3621752746f0683e88cfae681f98
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.96.3+dfsg-2ubuntu1.0.10.04.2_sparc.deb
          Size/MD5:   417504 47562db771ffce66d1e33b023815529b
        http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.96.3+dfsg-2ubuntu1.0.10.04.2_sparc.deb
          Size/MD5:  1521812 7e2834b60264a9944b54182dd66d2644
        http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.96.3+dfsg-2ubuntu1.0.10.04.2_sparc.deb
          Size/MD5:   310268 09362fd78f8dd8aa40bf8d638f7e953c
        http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.0.10.04.2_sparc.deb
          Size/MD5:   330544 243c260c46b4786b22a831feca6c22a6
        http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.96.3+dfsg-2ubuntu1.0.10.04.2_sparc.deb
          Size/MD5:   217912 140f98988be6715168cf7f5422ab6f76
        http://ports.ubuntu.com/pool/main/c/clamav/libclamav6_0.96.3+dfsg-2ubuntu1.0.10.04.2_sparc.deb
          Size/MD5:   772802 dd43c6b2029227a726eb3f5ab90e944a
        http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.96.3+dfsg-2ubuntu1.0.10.04.2_sparc.deb
          Size/MD5:   343194 6e4b332cb4162cd29895a4b5171d2abd
    
    Updated packages for Ubuntu 10.10:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.2.diff.gz
          Size/MD5:   291139 9ce8ad8427f113d6e329a3c3812d68c0
        http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.2.dsc
          Size/MD5:     2291 337c8ca91f8956bb01144d4bf3f13609
        http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.96.3+dfsg.orig.tar.gz
          Size/MD5: 40572329 730c1af9badcee2bce4bbaf1cf8ea20a
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-base_0.96.3+dfsg-2ubuntu1.2_all.deb
          Size/MD5:   299354 0702fd8ea1c31955e8fc797ae87c46b2
        http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-docs_0.96.3+dfsg-2ubuntu1.2_all.deb
          Size/MD5:  1288682 882a0315fe510542baab00e77d557a78
        http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-testfiles_0.96.3+dfsg-2ubuntu1.2_all.deb
          Size/MD5:  5257128 6e78e746dcee221c2e95bc4dfa05f362
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-daemon_0.96.3+dfsg-2ubuntu1.2_amd64.deb
          Size/MD5:   423112 f64bda3984cd1f8b760f5da57d3bca92
        http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-dbg_0.96.3+dfsg-2ubuntu1.2_amd64.deb
          Size/MD5: 22417984 963e7c2edb60496ca072725e539e5b41
        http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-freshclam_0.96.3+dfsg-2ubuntu1.2_amd64.deb
          Size/MD5:   311226 0a361a85a35b6650d00fbe84c5a7580a
        http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.2_amd64.deb
          Size/MD5:   334098 32f9b98511150530ad007a7c93c40386
        http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav-dev_0.96.3+dfsg-2ubuntu1.2_amd64.deb
          Size/MD5:   217926 e1c3ab677049300717250e3908666cd1
        http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav6_0.96.3+dfsg-2ubuntu1.2_amd64.deb
          Size/MD5:  3922972 35138e4e10a58348be364e5b19ea5df9
        http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-milter_0.96.3+dfsg-2ubuntu1.2_amd64.deb
          Size/MD5:   342886 de12b75256683c846f2919c696c71887
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-daemon_0.96.3+dfsg-2ubuntu1.2_i386.deb
          Size/MD5:   410320 a7060679083c339a102a767ed2a3d9f7
        http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-dbg_0.96.3+dfsg-2ubuntu1.2_i386.deb
          Size/MD5: 21960252 d96e86f0a3d8cddd55cfc3bea3ef3daf
        http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-freshclam_0.96.3+dfsg-2ubuntu1.2_i386.deb
          Size/MD5:   310040 a482134aedc49b9a7eff0186fb6035cd
        http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.2_i386.deb
          Size/MD5:   327554 f969082370c05ca79fcaf44062adebee
        http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav-dev_0.96.3+dfsg-2ubuntu1.2_i386.deb
          Size/MD5:   217872 8f719985193939a25b03473bfbbcb952
        http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav6_0.96.3+dfsg-2ubuntu1.2_i386.deb
          Size/MD5:  3725056 58b1925563125ea7eddb29731d27374a
        http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-milter_0.96.3+dfsg-2ubuntu1.2_i386.deb
          Size/MD5:   340596 10c0a5c04be3d339c5301df687cb7487
    
      armel architecture (ARM Architecture):
    
        http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.96.3+dfsg-2ubuntu1.2_armel.deb
          Size/MD5:   416402 e22a834a33f2d363598865896256c192
        http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.96.3+dfsg-2ubuntu1.2_armel.deb
          Size/MD5:  1530710 01fd1a616c74c7612913b3cc8a875395
        http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.96.3+dfsg-2ubuntu1.2_armel.deb
          Size/MD5:   308092 4a743b08c9a1c8ad4ec79a6455334486
        http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.2_armel.deb
          Size/MD5:   328372 0ca2551f95b67a8af4c285e36b1efc50
        http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.96.3+dfsg-2ubuntu1.2_armel.deb
          Size/MD5:   217954 db4b7c26334bc6f9a48af201f3c8ce53
        http://ports.ubuntu.com/pool/main/c/clamav/libclamav6_0.96.3+dfsg-2ubuntu1.2_armel.deb
          Size/MD5:   762684 87f79650eea51f5bca7953b4108f44c7
        http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.96.3+dfsg-2ubuntu1.2_armel.deb
          Size/MD5:   341370 f941f44011e8220f1a1369e575ca8511
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.96.3+dfsg-2ubuntu1.2_powerpc.deb
          Size/MD5:   423734 a3cba413ddba7c8c869ef1052695d72f
        http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.96.3+dfsg-2ubuntu1.2_powerpc.deb
          Size/MD5: 21943056 c945d37dfdc2f90cfdd3afa9e13770ff
        http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.96.3+dfsg-2ubuntu1.2_powerpc.deb
          Size/MD5:   312116 f75d13c70a666b6c50c94f11d8fc5fc7
        http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.2_powerpc.deb
          Size/MD5:   332152 9875d25fd10e30aa1caa97274fc6490c
        http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.96.3+dfsg-2ubuntu1.2_powerpc.deb
          Size/MD5:   217878 dd01a33de40da567649a02f9bee20135
        http://ports.ubuntu.com/pool/main/c/clamav/libclamav6_0.96.3+dfsg-2ubuntu1.2_powerpc.deb
          Size/MD5:  3689510 ff8cd6d3eb28b66036db5ada5629cd7e
        http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.96.3+dfsg-2ubuntu1.2_powerpc.deb
          Size/MD5:   345698 af4e9a8d36665dce94083e6c499ffdb3
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":55.56,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":11.11,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"15","type":"x","order":"3","pct":33.33,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.