Public bug reported:
Description: Ubuntu 18.04.4 LTS
Release: 18.04
apt-cache policy clamav
clamav:
Installed: 0.102.2+dfsg-0ubuntu0.18.04.1
Candidate: 0.102.2+dfsg-0ubuntu0.18.04.1
The current version of ClamAV for 18.04.4 LTS is 0.102.2+dfsg-
0ubuntu0.18.04.1. The current stable version of ClamAV is 0.102.3. There
have been patches released that fix security related bugs as shown
below:
- CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module
in ClamAV 0.102.2 that could cause a Denial-of-Service (DoS) condition.
Improper bounds checking of an unsigned variable results in an out-of-
bounds read which causes a crash.
- CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV
0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition.
Improper size checking of a buffer used to initialize AES decryption
routines results in an out-of-bounds read which may cause a crash.
- Fix "Attempt to allocate 0 bytes" error when parsing some PDF
documents.
- Fix a couple of minor memory leaks.
- Updated libclamunrar to UnRAR 5.9.2.
Request that ClamAV be updated to the latest version 0.102.3
** Affects: clamav (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1878294
Title:
ClamAV needs updated to reflect security fixes
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1878294/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
