UbuntuUpdates.org

Package "clamav"

Name: clamav

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • anti-virus utility for Unix - sendmail integration
  • anti-virus utility for Unix - test files

Latest version: 0.100.3+dfsg-0ubuntu0.14.04.1
Release: trusty (14.04)
Level: security
Repository: universe

Links



Other versions of "clamav" in Trusty

Repository Area Version
base main 0.98.1+dfsg-4ubuntu1
base universe 0.98.1+dfsg-4ubuntu1
security main 0.100.3+dfsg-0ubuntu0.14.04.1
updates universe 0.100.3+dfsg-0ubuntu0.14.04.1
updates main 0.100.3+dfsg-0ubuntu0.14.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 0.100.3+dfsg-0ubuntu0.14.04.1 2019-04-08 14:07:02 UTC

  clamav (0.100.3+dfsg-0ubuntu0.14.04.1) trusty-security; urgency=medium

  * Updated to version 0.100.3 to fix security issues. (LP: #1822503)
    - debian/libclamav7.symbols: updated to new version.
    - CVE-2019-1787
    - CVE-2019-1788
    - CVE-2019-1789

 -- Marc Deslauriers <email address hidden> Thu, 04 Apr 2019 10:02:52 -0400

Source diff to previous version
1822503 ClamAV needs updated to reflect security fixes
CVE-2019-1787 An out-of-bounds heap read condition when scanning PDF documents
CVE-2019-1788 An out-of-bounds heap write condition when scanning OLE2 files
CVE-2019-1789 An out-of-bounds heap read condition when scanning PE files

Version: 0.100.2+dfsg-1ubuntu0.14.04.2 2018-11-13 04:06:23 UTC

  clamav (0.100.2+dfsg-1ubuntu0.14.04.2) trusty-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-18585.patch: Ensure file names are valid in
      libclamav/libmspack-0.5alpha/mspack/chmd.c
    - CVE-2018-18585
  * SECURITY UPDATE: One byte buffer overflow -
    - debian/patches/CVE-2018-18584.patch: Ensure input buffer is large
      enough in libclamav/libmspack-0.5alpha/mspack/cab.h
    - CVE-2018-18584

 -- Alex Murray <email address hidden> Fri, 09 Nov 2018 16:38:09 +1030

Source diff to previous version
CVE-2018-18585 chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0"
CVE-2018-18584 In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum bloc

Version: 0.100.2+dfsg-1ubuntu0.14.04.1 2018-10-11 18:06:57 UTC

  clamav (0.100.2+dfsg-1ubuntu0.14.04.1) trusty-security; urgency=medium

  * Updated to version 0.100.2 to fix security issue.
    - CVE-2018-15378
  * Bump to new symbol version
    - debian/rules: set CL_FLEVEL 93.
    - debian/libclamav7.symbols: updated to new version.
  * Removed patches included in new version:
    - debian/patches/CVE-2018-14679-and-CVE-2018-14680.patch
    - debian/patches/CVE-2018-14681.patch
    - debian/patches/CVE-2018-14682.patch

 -- Marc Deslauriers <email address hidden> Wed, 10 Oct 2018 13:33:17 -0400

Source diff to previous version
CVE-2018-15378 denial-of-service in MEW unpacking feature
CVE-2018-14679 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks
CVE-2018-14680 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
CVE-2018-14681 An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or tw
CVE-2018-14682 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.

Version: 0.100.1+dfsg-1ubuntu0.14.04.4 2018-09-18 08:07:00 UTC

  clamav (0.100.1+dfsg-1ubuntu0.14.04.4) trusty-security; urgency=medium

  * debian/clamav-daemon.config.in: fix infinite loop during
    dpkg-reconfigure (LP: #1792051)

 -- Marc Deslauriers <email address hidden> Thu, 13 Sep 2018 14:00:26 -0400

Source diff to previous version
1792051 [regression] clamav-daemon: Infinite loop at dpkg-reconfigure

Version: 0.100.1+dfsg-1ubuntu0.14.04.3 2018-08-02 13:07:29 UTC

  clamav (0.100.1+dfsg-1ubuntu0.14.04.3) trusty-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-14679-and-CVE-2018-14680.patch:
      fix in libclamav/libmspack-0.5alpha/mspack/cchmd.c.
    - CVE-2018-14679
    - CVE-2018-14680
  * SECURITY UPDATE: Bytes overwire with bad KWAJ file extension
    - debian/patches/CVE-2018-14681.patch: fix in
      libclamav/libmspack-0.5alpha/mspack/kwajd.c.
    - CVE-2018-14681
  * SECURITY UPDATE: Off-by-one error
    - debian/patches/CVE-2018-14682.patch: fix in
      libclamav/libmspack-0.5alpha/mspack/chmd.c.
    - CVE-2018-14682

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 01 Aug 2018 13:18:44 -0300

CVE-2018-14679 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks
CVE-2018-14680 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
CVE-2018-14681 An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or tw
CVE-2018-14682 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.



About   -   Send Feedback to @ubuntu_updates