USN-945-1: ClamAV vulnerabilities

Publication date

27 May 2010

Overview

An attacker could send crafted input to ClamAV and cause it to crash.


Packages

  • clamav - anti-virus utility for Unix

Details

It was discovered that ClamAV did not properly reallocate memory when
processing certain PDF files. A remote attacker could send a specially
crafted PDF and crash ClamAV. (CVE-2010-1639)

An out-of-bounds memory access flaw was discovered in ClamAV. A remote
attacker could send a specially crafted Portable Executable (PE) file
and crash ClamAV. This issue only affected Ubuntu 10.04 LTS.
(CVE-2010-2077)

Update instructions

In general, a standard system update will make all the necessary changes. For Ubuntu 10.04 LTS, this update uses a new upstream release, which includes additional bug fixes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release   Package      Version
9.10 karmic      libclamav6   0.95.3+dfsg-1ubuntu0.09.10.2
9.04 jaunty      libclamav6   0.95.3+dfsg-1ubuntu0.09.04.2
10.04 lucid      libclamav6   0.96.1+dfsg-0ubuntu0.10.04.1
