Ubuntu 12.04 LTS: USN-1482-2 Critical Trojan Detection Flaw
Jun 20, 2012
•
LinuxSecurity Advisories
1 - 2 min read
Topics Covered
ClamAV could improperly detect malware if it opened a specially crafted file.
=========================================================================Ubuntu Security Notice USN-1482-2 June 20, 2012 clamav regression ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 Summary: ClamAV could improperly detect malware if it opened a specially crafted file. Software Description: - clamav: Anti-virus utility for Unix Details: USN-1482-1 fixed vulnerabilities in ClamAV. The updated packages could fail to install in certain situations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that ClamAV incorrectly handled certain malformed TAR archives. A remote attacker could create a specially-crafted TAR file containing malware that could escape being detected. (CVE-2012-1457, CVE-2012-1459) It was discovered that ClamAV incorrectly handled certain malformed CHM files. A remote attacker could create a specially-crafted CHM file containing malware that could escape being detected. (CVE-2012-1458) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: clamav 0.97.5+dfsg-1ubuntu0.12.04.2 clamav-daemon 0.97.5+dfsg-1ubuntu0.12.04.2 libclamav6 0.97.5+dfsg-1ubuntu0.12.04.2 Ubuntu 11.10: clamav 0.97.5+dfsg-1ubuntu0.11.10.2 clamav-daemon 0.97.5+dfsg-1ubuntu0.11.10.2 libclamav6 0.97.5+dfsg-1ubuntu0.11.10.2 Ubuntu 11.04: clamav 0.97.5+dfsg-1ubuntu0.11.04.2 clamav-daemon 0.97.5+dfsg-1ubuntu0.11.04.2 libclamav6 0.97.5+dfsg-1ubuntu0.11.04.2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-1482-2 https://ubuntu.com/security/notices/USN-1482-1 https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1015337 Package Information: https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.2 https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.2 https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.2
PREVIOUS
NEXT
Ubuntu 12.04 LTS: USN-1482-2 Critical Trojan Detection Flaw
ubuntu
June 20, 2012
ClamAV could improperly detect malware if it opened a specially crafted file.
Summary
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: clamav 0.97.5+dfsg-1ubuntu0.12.04.2 clamav-daemon 0.97.5+dfsg-1ubuntu0.12.04.2 libclamav6 0.97.5+dfsg-1ubuntu0.12.04.2 Ubuntu 11.10: clamav 0.97.5+dfsg-1ubuntu0.11.10.2 clamav-daemon 0.97.5+dfsg-1ubuntu0.11.10.2 libclamav6 0.97.5+dfsg-1ubuntu0.11.10.2 Ubuntu 11.04: clamav 0.97.5+dfsg-1ubuntu0.11.04.2 clamav-daemon 0.97.5+dfsg-1ubuntu0.11.04.2 libclamav6 0.97.5+dfsg-1ubuntu0.11.04.2 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-1482-2
https://ubuntu.com/security/notices/USN-1482-1
https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1015337
Severity
critical
Lowest
Low
Medium
High
Critical
June 20, 2012
Topics Covered
Package Information
https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.2 https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.2 https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.2
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!