UbuntuUpdates.org

Package "clamav"

Name: clamav

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • anti-virus utility for Unix - sendmail integration
  • anti-virus utility for Unix - test files

Latest version: 0.100.2+dfsg-1ubuntu0.14.04.1
Release: trusty (14.04)
Level: updates
Repository: universe

Links

Save this URL for the latest version of "clamav": https://www.ubuntuupdates.org/clamav



Other versions of "clamav" in Trusty

Repository Area Version
base main 0.98.1+dfsg-4ubuntu1
base universe 0.98.1+dfsg-4ubuntu1
security universe 0.100.2+dfsg-1ubuntu0.14.04.1
security main 0.100.2+dfsg-1ubuntu0.14.04.1
updates main 0.100.2+dfsg-1ubuntu0.14.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 0.100.2+dfsg-1ubuntu0.14.04.1 2018-10-11 19:06:24 UTC

  clamav (0.100.2+dfsg-1ubuntu0.14.04.1) trusty-security; urgency=medium

  * Updated to version 0.100.2 to fix security issue.
    - CVE-2018-15378
  * Bump to new symbol version
    - debian/rules: set CL_FLEVEL 93.
    - debian/libclamav7.symbols: updated to new version.
  * Removed patches included in new version:
    - debian/patches/CVE-2018-14679-and-CVE-2018-14680.patch
    - debian/patches/CVE-2018-14681.patch
    - debian/patches/CVE-2018-14682.patch

 -- Marc Deslauriers <email address hidden> Wed, 10 Oct 2018 13:33:17 -0400

Source diff to previous version
CVE-2018-15378 denial-of-service in MEW unpacking feature
CVE-2018-14679 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks
CVE-2018-14680 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
CVE-2018-14681 An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or tw
CVE-2018-14682 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.

Version: 0.100.1+dfsg-1ubuntu0.14.04.4 2018-09-18 09:07:03 UTC

  clamav (0.100.1+dfsg-1ubuntu0.14.04.4) trusty-security; urgency=medium

  * debian/clamav-daemon.config.in: fix infinite loop during
    dpkg-reconfigure (LP: #1792051)

 -- Marc Deslauriers <email address hidden> Thu, 13 Sep 2018 14:00:26 -0400

Source diff to previous version
1792051 [regression] clamav-daemon: Infinite loop at dpkg-reconfigure

Version: 0.100.1+dfsg-1ubuntu0.14.04.3 2018-08-02 15:06:41 UTC

  clamav (0.100.1+dfsg-1ubuntu0.14.04.3) trusty-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-14679-and-CVE-2018-14680.patch:
      fix in libclamav/libmspack-0.5alpha/mspack/cchmd.c.
    - CVE-2018-14679
    - CVE-2018-14680
  * SECURITY UPDATE: Bytes overwire with bad KWAJ file extension
    - debian/patches/CVE-2018-14681.patch: fix in
      libclamav/libmspack-0.5alpha/mspack/kwajd.c.
    - CVE-2018-14681
  * SECURITY UPDATE: Off-by-one error
    - debian/patches/CVE-2018-14682.patch: fix in
      libclamav/libmspack-0.5alpha/mspack/chmd.c.
    - CVE-2018-14682

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 01 Aug 2018 13:18:44 -0300

Source diff to previous version
CVE-2018-14679 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks
CVE-2018-14680 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
CVE-2018-14681 An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or tw
CVE-2018-14682 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.

Version: 0.100.1+dfsg-1ubuntu0.14.04.2 2018-07-26 18:06:50 UTC

  clamav (0.100.1+dfsg-1ubuntu0.14.04.2) trusty-security; urgency=medium

  * SECURITY REGRESSION: clamav-daemon fails to start due to options
    removed in new version and manually edited configuration file.
    (LP: #1783632)
    - debian/patches/Deprecate-unused-options-instead-of-removing-it.patch:
      add patch from Debian stretch to simply warn about removed options.

 -- Marc Deslauriers <email address hidden> Thu, 26 Jul 2018 10:28:32 -0400

Source diff to previous version
1783632 clamav-daemon won't start after upgrade to 0.100.1+dfsg, complaining of \

Version: 0.100.1+dfsg-1ubuntu0.14.04.1 2018-07-24 19:06:45 UTC

  clamav (0.100.1+dfsg-1ubuntu0.14.04.1) trusty-security; urgency=medium

  * Rebuild as security update for 14.04 to fix multiple issues
    - CVE-2018-0360
    - CVE-2018-0361
  * Re-enable LLVM support:
    - debian/control: add llvm-3.6-dev to BuildDepends.
    - debian/rules: add llvm back.
  * debian/clamav-daemon.postinst.in: updated version to drop support for
    clamav-daemon.socket.
  * debian/control: switch libtfm-dev to libtommath-dev, remove
    dh-strip-nondeterminism, electric-fence, and libsystemd-dev.
  * Use internal libmspack:
    - debian/control: remove libmspack-dev.
    - debian/rules: remove --with-system-libmspack.
    - debian/libclamav7.install: add libclammspack.so.0*.
    - debian/libclamav-dev.install: add libclammspack.so.
  * Revert to Debhelper in 14.04:
    - debian/compat: set to 8
    - debian/control: set debhelper to 8.9.7
  * debian/{libclamav7,libclamav-dev}.install: fix file locations
  * debian/rules: modify to not use dpkg-parsechangelog -S
  * debian/control: remove Multi-Arch and Rules-Requires-Root tags.
  * Don't built with json and curl:
    - debian/rules: remove --with-libjson and --with-libcurl=/usr.
    - debian/control: remove libjson-c-dev, libcurl4-openssl-dev.
    - debian/clamav.install: remove clamsubmit.
    - debian/clamav.manpages: remove clamsubmit.1.
  * Removed clamdscan package:
    - debian/control: removed package section
    - debian/clamdscan.*: removed and added files to clamav-daemon.*
  * Added clamav-dbg package:
    - debian/control: added package section
    - debian/rules: use --dbg-package, not --dbgsym-migration
  * debian/control: updated clamav-daemon Breaks versions.

 -- Marc Deslauriers <email address hidden> Mon, 23 Jul 2018 09:27:00 -0400

CVE-2018-0360 ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_parag
CVE-2018-0361 ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.



About   -   Send Feedback to @ubuntu_updates