UbuntuUpdates.org

Package "clamav"

Name: clamav

Description:

anti-virus utility for Unix - command-line interface

Latest version: 0.100.3+dfsg-0ubuntu0.14.04.1
Release: trusty (14.04)
Level: updates
Repository: main
Homepage: https://www.clamav.net/

Links


Download "clamav"


Other versions of "clamav" in Trusty

Repository Area Version
base main 0.98.1+dfsg-4ubuntu1
base universe 0.98.1+dfsg-4ubuntu1
security main 0.100.3+dfsg-0ubuntu0.14.04.1
security universe 0.100.3+dfsg-0ubuntu0.14.04.1
updates universe 0.100.3+dfsg-0ubuntu0.14.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 0.100.1+dfsg-1ubuntu0.14.04.2 2018-07-26 18:06:49 UTC

  clamav (0.100.1+dfsg-1ubuntu0.14.04.2) trusty-security; urgency=medium

  * SECURITY REGRESSION: clamav-daemon fails to start due to options
    removed in new version and manually edited configuration file.
    (LP: #1783632)
    - debian/patches/Deprecate-unused-options-instead-of-removing-it.patch:
      add patch from Debian stretch to simply warn about removed options.

 -- Marc Deslauriers <email address hidden> Thu, 26 Jul 2018 10:28:32 -0400

Source diff to previous version
1783632 clamav-daemon won't start after upgrade to 0.100.1+dfsg, complaining of \

Version: 0.100.1+dfsg-1ubuntu0.14.04.1 2018-07-24 19:06:43 UTC

  clamav (0.100.1+dfsg-1ubuntu0.14.04.1) trusty-security; urgency=medium

  * Rebuild as security update for 14.04 to fix multiple issues
    - CVE-2018-0360
    - CVE-2018-0361
  * Re-enable LLVM support:
    - debian/control: add llvm-3.6-dev to BuildDepends.
    - debian/rules: add llvm back.
  * debian/clamav-daemon.postinst.in: updated version to drop support for
    clamav-daemon.socket.
  * debian/control: switch libtfm-dev to libtommath-dev, remove
    dh-strip-nondeterminism, electric-fence, and libsystemd-dev.
  * Use internal libmspack:
    - debian/control: remove libmspack-dev.
    - debian/rules: remove --with-system-libmspack.
    - debian/libclamav7.install: add libclammspack.so.0*.
    - debian/libclamav-dev.install: add libclammspack.so.
  * Revert to Debhelper in 14.04:
    - debian/compat: set to 8
    - debian/control: set debhelper to 8.9.7
  * debian/{libclamav7,libclamav-dev}.install: fix file locations
  * debian/rules: modify to not use dpkg-parsechangelog -S
  * debian/control: remove Multi-Arch and Rules-Requires-Root tags.
  * Don't built with json and curl:
    - debian/rules: remove --with-libjson and --with-libcurl=/usr.
    - debian/control: remove libjson-c-dev, libcurl4-openssl-dev.
    - debian/clamav.install: remove clamsubmit.
    - debian/clamav.manpages: remove clamsubmit.1.
  * Removed clamdscan package:
    - debian/control: removed package section
    - debian/clamdscan.*: removed and added files to clamav-daemon.*
  * Added clamav-dbg package:
    - debian/control: added package section
    - debian/rules: use --dbg-package, not --dbgsym-migration
  * debian/control: updated clamav-daemon Breaks versions.

 -- Marc Deslauriers <email address hidden> Mon, 23 Jul 2018 09:27:00 -0400

Source diff to previous version
CVE-2018-0360 ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_parag
CVE-2018-0361 ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.

Version: 0.99.4+addedllvm-0ubuntu0.14.04.1 2018-03-08 15:06:48 UTC

  clamav (0.99.4+addedllvm-0ubuntu0.14.04.1) trusty-security; urgency=medium

  * Updated to 0.99.4 to fix multiple security issues
    - CVE-2018-0202
    - CVE-2018-1000085
  * Removed patches no longer required
    - bb11549-fix-temp-file-cleanup-issue.patch

 -- Marc Deslauriers <email address hidden> Wed, 07 Mar 2018 13:58:55 +0100

Source diff to previous version
CVE-2018-0202 Out-of-bounds access in the PDF parser

Version: 0.99.3+addedllvm-0ubuntu0.14.04.1 2018-01-30 21:06:45 UTC

  clamav (0.99.3+addedllvm-0ubuntu0.14.04.1) trusty-security; urgency=medium

  * Updated to 0.99.3 to fix multiple security issues
    - CVE-2017-12374, CVE-2017-12375, CVE-2017-12376, CVE-2017-12377,
      CVE-2017-12378, CVE-2017-12379, CVE-2017-12380
  * Removed patches no longer required
    - debian/patches/CVE-2017-6418.patch
    - debian/patches/CVE-2017-6419.patch
    - debian/patches/CVE-2017-6420.patch
    - debian/patches/CVE-2017-6420-2.patch
  * debian/patches/bb11549-fix-temp-file-cleanup-issue.patch: fix temp file
    cleanup issue.

 -- Marc Deslauriers <email address hidden> Mon, 29 Jan 2018 11:06:20 -0500

Source diff to previous version
CVE-2017-12374 The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denia
CVE-2017-12375 The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denia
CVE-2017-12376 ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of
CVE-2017-12377 ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of
CVE-2017-12378 ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of
CVE-2017-12379 ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of
CVE-2017-12380 ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of
CVE-2017-6418 libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message.
CVE-2017-6419 mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and a
CVE-2017-6420 The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE

Version: 0.99.2+addedllvm-0ubuntu0.14.04.2 2017-08-17 18:06:39 UTC
No changelog available yet.



About   -   Send Feedback to @ubuntu_updates