Ubuntu 21.04 USN-4918-3 Moderate: ClamAV Denial Of Service Issue

May 4, 2021
A regression problem with ClamAV on Ubuntu could result in unsuccessful scanning operations. Prompt action for an update is advised.

Summary

USN-4918-1 introduced a regression in ClamAV that could cause it to fail to scan.

Software Description:

- clamav: Anti-virus utility for Unix

Details:

USN-4918-1 fixed vulnerabilities in ClamAV. The updated package could
fail to properly scan in some situations. This update fixes
the problem.

Original advisory details:

It was discovered that ClamAV incorrectly handled parsing Excel documents.
A remote attacker could possibly use this issue to cause ClamAV to hang,
resulting in a denial of service. (CVE-2021-1252)

It was discovered that ClamAV incorrectly handled parsing PDF documents. A
remote attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service. (CVE-2021-1404)

It was discovered that ClamAV incorrectly handled parsing email. A remote
attacker could possibly use this issue to cause ClamAV to crash, resulting
in a denial of service. (CVE-2021-1405)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.04:
  clamav                          0.103.2+dfsg-1ubuntu0.21.04.1
  libclamav9                      0.103.2+dfsg-1ubuntu0.21.04.1

Ubuntu 20.10:
  clamav                          0.103.2+dfsg-0ubuntu0.20.10.2
  libclamav9                      0.103.2+dfsg-0ubuntu0.20.10.2

Ubuntu 20.04 LTS:
  clamav                          0.103.2+dfsg-0ubuntu0.20.04.2
  libclamav9                      0.103.2+dfsg-0ubuntu0.20.04.2

Ubuntu 18.04 LTS:
  clamav                          0.103.2+dfsg-0ubuntu0.18.04.2
  libclamav9                      0.103.2+dfsg-0ubuntu0.18.04.2

Ubuntu 16.04 ESM:
  clamav                          0.103.2+dfsg-0ubuntu0.16.04.1+esm1
  libclamav9                      0.103.2+dfsg-0ubuntu0.16.04.1+esm1

Ubuntu 14.04 ESM:
  clamav                          0.103.2+dfsg-0ubuntu0.14.04.1+esm2
  libclamav9                      0.103.2+dfsg-0ubuntu0.14.04.1+esm2

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References

https://ubuntu.com/security/notices/USN-4918-3

https://ubuntu.com/security/notices/USN-4918-1

https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1926300

May 03, 2021
