Ubuntu 12.04 LTS: USN-1482-1 Critical: ClamAV Malware Detection Issue
Jun 19, 2012
•
LinuxSecurity Advisories
1 - 2 min read
Topics Covered
ClamAV could improperly detect malware if it opened a specially crafted file.
=========================================================================Ubuntu Security Notice USN-1482-1 June 19, 2012 clamav vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS Summary: ClamAV could improperly detect malware if it opened a specially crafted file. Software Description: - clamav: Anti-virus utility for Unix Details: It was discovered that ClamAV incorrectly handled certain malformed TAR archives. A remote attacker could create a specially-crafted TAR file containing malware that could escape being detected. (CVE-2012-1457, CVE-2012-1459) It was discovered that ClamAV incorrectly handled certain malformed CHM files. A remote attacker could create a specially-crafted CHM file containing malware that could escape being detected. (CVE-2012-1458) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: clamav 0.97.5+dfsg-1ubuntu0.12.04.1 clamav-daemon 0.97.5+dfsg-1ubuntu0.12.04.1 libclamav6 0.97.5+dfsg-1ubuntu0.12.04.1 Ubuntu 11.10: clamav 0.97.5+dfsg-1ubuntu0.11.10.1 clamav-daemon 0.97.5+dfsg-1ubuntu0.11.10.1 libclamav6 0.97.5+dfsg-1ubuntu0.11.10.1 Ubuntu 11.04: clamav 0.97.5+dfsg-1ubuntu0.11.04.1 clamav-daemon 0.97.5+dfsg-1ubuntu0.11.04.1 libclamav6 0.97.5+dfsg-1ubuntu0.11.04.1 Ubuntu 10.04 LTS: clamav 0.96.5+dfsg-1ubuntu1.10.04.4 clamav-daemon 0.96.5+dfsg-1ubuntu1.10.04.4 libclamav6 0.96.5+dfsg-1ubuntu1.10.04.4 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-1482-1 CVE-2012-1457, CVE-2012-1458, CVE-2012-1459 Package Information: https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.1 https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.1 https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.1 https://launchpad.net/ubuntu/+source/clamav/0.96.5+dfsg-1ubuntu1.10.04.4
PREVIOUS
NEXT
Ubuntu 12.04 LTS: USN-1482-1 Critical: ClamAV Malware Detection Issue
ubuntu
June 19, 2012
ClamAV could improperly detect malware if it opened a specially crafted file.
Summary
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: clamav 0.97.5+dfsg-1ubuntu0.12.04.1 clamav-daemon 0.97.5+dfsg-1ubuntu0.12.04.1 libclamav6 0.97.5+dfsg-1ubuntu0.12.04.1 Ubuntu 11.10: clamav 0.97.5+dfsg-1ubuntu0.11.10.1 clamav-daemon 0.97.5+dfsg-1ubuntu0.11.10.1 libclamav6 0.97.5+dfsg-1ubuntu0.11.10.1 Ubuntu 11.04: clamav 0.97.5+dfsg-1ubuntu0.11.04.1 clamav-daemon 0.97.5+dfsg-1ubuntu0.11.04.1 libclamav6 0.97.5+dfsg-1ubuntu0.11.04.1 Ubuntu 10.04 LTS: clamav 0.96.5+dfsg-1ubuntu1.10.04.4 clamav-daemon 0.96.5+dfsg-1ubuntu1.10.04.4 libclamav6 0.96.5+dfsg-1ubuntu1.10.04.4 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-1482-1
CVE-2012-1457, CVE-2012-1458, CVE-2012-1459
Severity
critical
Lowest
Low
Medium
High
Critical
June 19, 2012
Topics Covered
Package Information
https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.1 https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.1 https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.1 https://launchpad.net/ubuntu/+source/clamav/0.96.5+dfsg-1ubuntu1.10.04.4
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!