USN-1482-3: ClamAV regression

16 August 2012

USN-1482-1 introduced a regression in ClamAV that could cause it to fail to scan certain documents.

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Releases

Packages

  • clamav - Anti-virus utility for Unix

Details

USN-1482-1 fixed vulnerabilities in ClamAV. The updated package could
fail to properly scan files in some situations. This update fixes
the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that ClamAV incorrectly handled certain malformed TAR
archives. A remote attacker could create a specially-crafted TAR file
containing malware that could escape being detected. (CVE-2012-1457,
CVE-2012-1459)

It was discovered that ClamAV incorrectly handled certain malformed CHM
files. A remote attacker could create a specially-crafted CHM file
containing malware that could escape being detected. (CVE-2012-1458)

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04
Ubuntu 11.10
Ubuntu 11.04

In general, a standard system update will make all the necessary changes.