Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

Ubuntu: USN-4280-2 Moderate: ClamAV Denial Of Service Risk

ubuntu
Calendar Grey February 18, 2020
Dist Ubuntu Esm H88
Ubuntu Alert USN-4280-2 indicates ClamAV failure due to specially designed files. Critical update required to maintain security.
ClamAV could be made to crash if it opened a specially crafted file.

Summary

ClamAV could be made to crash if it opened a specially crafted file.

Software Description:

- clamav: Anti-virus utility for Unix

Details:

USN-4280-1 fixed a vulnerability in ClamAV. This update provides

the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that ClamAV incorrectly handled memory when the

Data-Loss-Prevention (DLP) feature was enabled. A remote attacker could

possibly use this issue to cause ClamAV to crash, resulting in a denial of

service.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  clamav                          0.102.2+dfsg-0ubuntu0.14.04.1+esm1

Ubuntu 12.04 ESM:
  clamav                          0.102.2+dfsg-0ubuntu0.12.04.1

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary

References

https://ubuntu.com/security/notices/USN-4280-1

CVE-2020-3123

February 18, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here