USN-3814-2: ClamAV vulnerabilities
Publication date
13 November 2018
Overview
Several security issues were fixed in ClamAV.
Releases
Packages
- clamav - Anti-virus utility for Unix
Details
Updated: 2018-11-21: The embedded version of libmspack in ClamAV was
found to not be affected by the listed vulnerabilities, therefore the
following is not applicable.
USN-3814-1 fixed several vulnerabilities in libmspack. In Ubuntu 14.04
libmspack is included into ClamAV. This update provides the
corresponding update for Ubuntu 14.04 LTS.
Original advisory details:
It was discovered libmspack incorrectly handled certain malformed CAB files.
A remote attacker could use this issue to cause libmspack to crash, resulting
in a denial of service. (CVE-2018-18584, CVE-2018-18585)
Updated: 2018-11-21: The embedded version of libmspack in ClamAV was
found to not be affected by the listed vulnerabilities, therefore the
following is not applicable.
USN-3814-1 fixed several vulnerabilities in libmspack. In Ubuntu 14.04
libmspack is included into ClamAV. This update provides the
corresponding update for Ubuntu 14.04 LTS.
Original advisory details:
It was discovered libmspack incorrectly handled certain malformed CAB files.
A remote attacker could use this issue to cause libmspack to crash, resulting
in a denial of service. (CVE-2018-18584, CVE-2018-18585)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 14.04 trusty | clamav – 0.100.2+dfsg-1ubuntu0.14.04.2 | ||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.