Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Ubuntu 11.10 USN-1258-1 Moderate: ClamAV Denial Of Service

Calendar Nov 10, 2011 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service moderate severity ubuntu clamav
ClamAV could be made to crash or run programs as your login if it opened a specially crafted file. 
=========================================================================Ubuntu Security Notice USN-1258-1
November 10, 2011

clamav vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS

Summary:

ClamAV could be made to crash or run programs as your login if it opened a
specially crafted file.

Software Description:
- clamav: Anti-virus utility for Unix

Details:

Stephane Chazelas discovered the bytecode engine of ClamAV improperly
handled recursion under certain circumstances. This could allow a remote
attacker to craft a file that could cause ClamAV to crash, resulting in a
denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
  libclamav6                      0.97.3+dfsg-1ubuntu0.11.10.1

Ubuntu 11.04:
  libclamav6                      0.97.3+dfsg-1ubuntu0.11.04.1

Ubuntu 10.10:
  libclamav6                      0.96.5+dfsg-1ubuntu1.10.10.3

Ubuntu 10.04 LTS:
  libclamav6                      0.96.5+dfsg-1ubuntu1.10.04.3

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-1258-1
  CVE-2011-3627

Package Information:
  https://launchpad.net/ubuntu/+source/clamav/0.97.3+dfsg-1ubuntu0.11.10.1
  https://launchpad.net/ubuntu/+source/clamav/0.97.3+dfsg-1ubuntu0.11.04.1
  https://launchpad.net/ubuntu/+source/clamav/0.96.5+dfsg-1ubuntu1.10.10.3
  https://launchpad.net/ubuntu/+source/clamav/0.96.5+dfsg-1ubuntu1.10.04.3

Ubuntu 11.10 USN-1258-1 Moderate: ClamAV Denial Of Service

ubuntu
Calendar Grey November 10, 2011
Dist Ubuntu Esm H88
Uncover the flaw in ClamAV that potentially enables distant adversaries to destabilize the application or run code under specific circumstances.
ClamAV could be made to crash or run programs as your login if it opened a specially crafted file.

Summary

Topics%20covered

Topics Covered

security advisory denial of service moderate severity ubuntu clamav

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: libclamav6 0.97.3+dfsg-1ubuntu0.11.10.1 Ubuntu 11.04: libclamav6 0.97.3+dfsg-1ubuntu0.11.04.1 Ubuntu 10.10: libclamav6 0.96.5+dfsg-1ubuntu1.10.10.3 Ubuntu 10.04 LTS: libclamav6 0.96.5+dfsg-1ubuntu1.10.04.3 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-1258-1

CVE-2011-3627

Severity
important
Lowest
Low
Medium
High
Critical

November 10, 2011

Topics%20covered

Topics Covered

security advisory denial of service moderate severity ubuntu clamav

Package Information

https://launchpad.net/ubuntu/+source/clamav/0.97.3+dfsg-1ubuntu0.11.10.1 https://launchpad.net/ubuntu/+source/clamav/0.97.3+dfsg-1ubuntu0.11.04.1 https://launchpad.net/ubuntu/+source/clamav/0.96.5+dfsg-1ubuntu1.10.10.3 https://launchpad.net/ubuntu/+source/clamav/0.96.5+dfsg-1ubuntu1.10.04.3

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here