USN-1031-1: ClamAV vulnerabilities
Ubuntu Security Notice USN-1031-1
9th December, 2010
clamav vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Software description
- clamav
Details
Arkadiusz Miskiewicz and others discovered that the PDF processing
code in libclamav improperly validated input. This could allow a
remote attacker to craft a PDF document that could crash clamav or
possibly execute arbitrary code. (CVE-2010-4260, CVE-2010-4479)
It was discovered that an off-by-one error in the icon_cb function
in pe_icons.c in libclamav could allow an attacker to corrupt
memory, causing clamav to crash or possibly execute arbitrary code.
(CVE-2010-4261)
In the default installation, attackers would be isolated by the
clamav AppArmor profile.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 10.10:
- libclamav6 0.96.3+dfsg-2ubuntu1.2
- Ubuntu 10.04 LTS:
- libclamav6 0.96.3+dfsg-2ubuntu1.0.10.04.2
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.