Univention Bugzilla – Bug 48050
clamav: Multiple issues (4.2)
Last modified: 2018-11-01 13:56:52 CET
New Debian clamav 0.100.2+dfsg-0+deb8u1A~4.2.5.201810250824 fixes: This update addresses the following issue: * A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()" function (libclamav/mew.c), which can be exploited to trigger an invalid read memory access via a specially crafted EXE file. (CVE-2018-15378)
--- mirror/ftp/4.2/unmaintained/4.2-5/source/clamav_0.100.1+dfsg-0+deb8u1A~4.2.4.201808200927.dsc +++ apt/ucs_4.2-0-errata4.2-5/source/clamav_0.100.2+dfsg-0+deb8u1A~4.2.5.201810250824.dsc @@ -1,9 +1,20 @@ -0.100.1+dfsg-0+deb8u1A~4.2.4.201808200927 [Mon, 20 Aug 2018 09:28:06 +0200] Univention builddaemon <buildd@univention.de>: +0.100.2+dfsg-0+deb8u1A~4.2.5.201810250824 [Thu, 25 Oct 2018 08:25:00 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 010-utilize_ucr_autostart_settings 020-dont_fail_in_postinst_if_start_fails 030-silence-version-msg + +0.100.2+dfsg-0+deb8u1 [Tue, 23 Oct 2018 10:37:02 +0200] Santiago Ruano Rincón <santiagorr@riseup.net>: + + * Non-maintainer upload by the LTS Team. + * Upload based on the stretch package, thanks to: + + [ Sebastian Andrzej Siewior ] + * Update to upstream release 0.100.2. + - Bump symbol version due to new version. + - CVE-2018-15378 (Closes: #910430). + * add NEWS.md and README.md from upstream 0.100.1+dfsg-0+deb8u1 [Mon, 06 Aug 2018 16:59:51 +0200] Santiago Ruano Rincón <santiagorr@riseup.net>: <http://10.200.17.11/4.2-5/#50559194581823000>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.2-5] 36a283a805 Bug #48050: clamav 0.100.2+dfsg-0+deb8u1A~4.2.5.201810250824 doc/errata/staging/clamav.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+)
<http://errata.software-univention.de/ucs/4.2/535.html>