Ubuntu Update For Clamav Vulnerabilities USN-1031-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1031-1

Solution

Please Install the Updated Packages.

Insight

Arkadiusz Miskiewicz and others discovered that the PDF processing code in libclamav improperly validated input. This could allow a remote attacker to craft a PDF document that could crash clamav or possibly execute arbitrary code. (CVE-2010-4260, CVE-2010-4479) It was discovered that an off-by-one error in the icon_cb function in pe_icons.c in libclamav could allow an attacker to corrupt memory, causing clamav to crash or possibly execute arbitrary code. (CVE-2010-4261) In the default installation, attackers would be isolated by the clamav AppArmor profile.

Affected

clamav vulnerabilities on Ubuntu 10.04 LTS , Ubuntu 10.10

Severity

Classification

CVE CVE-2010-4260, CVE-2010-4261, CVE-2010-4479
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Ubuntu Update for apache2 USN-1199-1
Ubuntu Update for eglibc USN-2328-1
Ubuntu Update for clamav USN-1773-1
Ubuntu Update for clamav USN-2488-1
Ubuntu Update for bash USN-2362-1

Ubuntu Update for clamav vulnerabilities USN-1031-1

Take action and discover your vulnerabilities