USN-1031-1: ClamAV vulnerabilities
10 December 2010
clamav vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary
Software Description
- clamav
Details
Arkadiusz Miskiewicz and others discovered that the PDF processing code in libclamav improperly validated input. This could allow a remote attacker to craft a PDF document that could crash clamav or possibly execute arbitrary code. (CVE-2010-4260, CVE-2010-4479)
It was discovered that an off-by-one error in the icon_cb function in pe_icons.c in libclamav could allow an attacker to corrupt memory, causing clamav to crash or possibly execute arbitrary code. (CVE-2010-4261)
In the default installation, attackers would be isolated by the clamav AppArmor profile.
Update instructions
The problem can be corrected by updating your system to the following package versions:
- Ubuntu 10.10
- libclamav6 - 0.96.3+dfsg-2ubuntu1.2
- Ubuntu 10.04 LTS
- libclamav6 - 0.96.3+dfsg-2ubuntu1.0.10.04.2
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.