UbuntuUpdates.org

Package "clamav"

Name: clamav

Description:

anti-virus utility for Unix - command-line interface

Latest version: 0.100.2+dfsg-1ubuntu0.14.04.2
Release: trusty (14.04)
Level: security
Repository: main
Homepage: https://www.clamav.net/

Links

Save this URL for the latest version of "clamav": https://www.ubuntuupdates.org/clamav


Download "clamav"


Other versions of "clamav" in Trusty

Repository Area Version
base main 0.98.1+dfsg-4ubuntu1
base universe 0.98.1+dfsg-4ubuntu1
security universe 0.100.2+dfsg-1ubuntu0.14.04.2
updates universe 0.100.2+dfsg-1ubuntu0.14.04.2
updates main 0.100.2+dfsg-1ubuntu0.14.04.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 0.100.2+dfsg-1ubuntu0.14.04.2 2018-11-13 04:06:19 UTC

  clamav (0.100.2+dfsg-1ubuntu0.14.04.2) trusty-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-18585.patch: Ensure file names are valid in
      libclamav/libmspack-0.5alpha/mspack/chmd.c
    - CVE-2018-18585
  * SECURITY UPDATE: One byte buffer overflow -
    - debian/patches/CVE-2018-18584.patch: Ensure input buffer is large
      enough in libclamav/libmspack-0.5alpha/mspack/cab.h
    - CVE-2018-18584

 -- Alex Murray <email address hidden> Fri, 09 Nov 2018 16:38:09 +1030

Source diff to previous version
CVE-2018-18585 chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0"
CVE-2018-18584 In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum bloc

Version: 0.100.2+dfsg-1ubuntu0.14.04.1 2018-10-11 18:06:55 UTC

  clamav (0.100.2+dfsg-1ubuntu0.14.04.1) trusty-security; urgency=medium

  * Updated to version 0.100.2 to fix security issue.
    - CVE-2018-15378
  * Bump to new symbol version
    - debian/rules: set CL_FLEVEL 93.
    - debian/libclamav7.symbols: updated to new version.
  * Removed patches included in new version:
    - debian/patches/CVE-2018-14679-and-CVE-2018-14680.patch
    - debian/patches/CVE-2018-14681.patch
    - debian/patches/CVE-2018-14682.patch

 -- Marc Deslauriers <email address hidden> Wed, 10 Oct 2018 13:33:17 -0400

Source diff to previous version
CVE-2018-15378 denial-of-service in MEW unpacking feature
CVE-2018-14679 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks
CVE-2018-14680 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
CVE-2018-14681 An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or tw
CVE-2018-14682 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.

Version: 0.100.1+dfsg-1ubuntu0.14.04.4 2018-09-18 08:06:57 UTC

  clamav (0.100.1+dfsg-1ubuntu0.14.04.4) trusty-security; urgency=medium

  * debian/clamav-daemon.config.in: fix infinite loop during
    dpkg-reconfigure (LP: #1792051)

 -- Marc Deslauriers <email address hidden> Thu, 13 Sep 2018 14:00:26 -0400

Source diff to previous version
1792051 [regression] clamav-daemon: Infinite loop at dpkg-reconfigure

Version: 0.100.1+dfsg-1ubuntu0.14.04.3 2018-08-02 13:07:26 UTC

  clamav (0.100.1+dfsg-1ubuntu0.14.04.3) trusty-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-14679-and-CVE-2018-14680.patch:
      fix in libclamav/libmspack-0.5alpha/mspack/cchmd.c.
    - CVE-2018-14679
    - CVE-2018-14680
  * SECURITY UPDATE: Bytes overwire with bad KWAJ file extension
    - debian/patches/CVE-2018-14681.patch: fix in
      libclamav/libmspack-0.5alpha/mspack/kwajd.c.
    - CVE-2018-14681
  * SECURITY UPDATE: Off-by-one error
    - debian/patches/CVE-2018-14682.patch: fix in
      libclamav/libmspack-0.5alpha/mspack/chmd.c.
    - CVE-2018-14682

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 01 Aug 2018 13:18:44 -0300

Source diff to previous version
CVE-2018-14679 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks
CVE-2018-14680 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
CVE-2018-14681 An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or tw
CVE-2018-14682 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.

Version: 0.100.1+dfsg-1ubuntu0.14.04.2 2018-07-26 17:06:49 UTC

  clamav (0.100.1+dfsg-1ubuntu0.14.04.2) trusty-security; urgency=medium

  * SECURITY REGRESSION: clamav-daemon fails to start due to options
    removed in new version and manually edited configuration file.
    (LP: #1783632)
    - debian/patches/Deprecate-unused-options-instead-of-removing-it.patch:
      add patch from Debian stretch to simply warn about removed options.

 -- Marc Deslauriers <email address hidden> Thu, 26 Jul 2018 10:28:32 -0400

1783632 clamav-daemon won't start after upgrade to 0.100.1+dfsg, complaining of \



About   -   Send Feedback to @ubuntu_updates