Bug 52097 - (ES 4.3) clamav
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.3
All other
Importance: P5 normal
Assigned To: Quality Assurance
Felix Botner
Reported: 2020-09-20 21:53 CEST by Erik Damrose
Modified: 2020-11-30 12:00 CET
Description Erik Damrose univentionstaff 2020-09-20 21:53:11 CEST
Provide clamav version 0.102.4+dfsg-0+deb9u1A~4.4.5.202008100901 for UCS 4.3
First imported at bug #51793

This update addresses the following issues:
* A vulnerability in the ARJ archive parsing module in Clam AntiVirus
  (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote
  attacker to cause a denial of service condition on an affected device. The
  vulnerability is due to a heap buffer overflow read. An attacker could
  exploit this vulnerability by sending a crafted ARJ file to an affected
  device. An exploit could allow the attacker to cause the ClamAV scanning
  process to crash, resulting in a denial of service condition. (CVE-2020-3327)
* A vulnerability in the endpoint software of Cisco AMP for Endpoints and
  Clam AntiVirus could allow an authenticated, local attacker to cause the
  running software to delete arbitrary files on the system. The vulnerability
  is due to a race condition that could occur when scanning malicious files.
  An attacker with local shell access could exploit this vulnerability by
  executing a script that could trigger the race condition. A successful
  exploit could allow the attacker to delete arbitrary files on the system
  that the attacker would not normally have privileges to delete, producing
  system instability or causing the endpoint software to stop working.
  (CVE-2020-3350)
* A vulnerability in the EGG archive parsing module in Clam AntiVirus
  (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an
  unauthenticated, remote attacker to cause a denial of service condition on
  an affected device. The vulnerability is due to a null pointer dereference.
  An attacker could exploit this vulnerability by sending a crafted EGG file
  to an affected device. An exploit could allow the attacker to cause the
  ClamAV scanning process to crash, resulting in a denial of service condition.
  (CVE-2020-3481)
Comment 1 Felix Botner univentionstaff 2020-11-19 13:55:42 CET
-> apt-cache policy clamav
clamav:
  Installed:  0.102.4+dfsg-0+deb9u1A~4.4.5.202008100901
  Candidate:  0.102.4+dfsg-0+deb9u1A~4.4.5.202008100901
  Version table:
 *** 0.102.4+dfsg-0+deb9u1A~4.4.5.202008100901 500
        500 http://192.168.0.10/build2 ucs_4.3-0-extsec4.3/amd64/ Packages
Comment 2 Erik Damrose univentionstaff 2020-11-30 12:00:12 CET
CLOSED: Released as extsec4.3 update