Ubuntu Update For Clamav USN-1816-1 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

It was discovered that ClamAV would incorrectly parse a UPX-packed executable, leading to possible inappropriate heap reads. An attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-2020) It was discovered that ClamAV would incorrectly parse a PDF document, potentially writing beyond the size of a static array. An attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-2021)

Affected

clamav on Ubuntu 13.04 , Ubuntu 12.10 , Ubuntu 12.04 LTS , Ubuntu 11.10 , Ubuntu 10.04 LTS

Severity

Classification

CVE CVE-2013-2020, CVE-2013-2021
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Ubuntu Update for cpio USN-2456-1
Ubuntu Update for apache2 USN-2152-1
Ubuntu Update for apport USN-1668-1
Ubuntu Update for dbus USN-1576-1
Ubuntu Update for curl USN-2167-1

Ubuntu Update for clamav USN-1816-1

Take action and discover your vulnerabilities