[SECURITY] [DLA 2215-1] clamav security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2215-1] clamav security update
From: Utkarsh Gupta <utkarsh@debian.org>
Date: Wed, 20 May 2020 04:58:12 +0530
Message-id: <[🔎] 461c0e2e-cd88-536a-e8e3-e4ec75948be6@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : clamav
Version        : 0.101.5+dfsg-0+deb8u2
CVE ID         : CVE-2020-3327 CVE-2020-3341


The following CVE(s) were found in src:clamav package.

CVE-2020-3327

    A vulnerability in the ARJ archive parsing module in Clam
    AntiVirus (ClamAV) could allow an unauthenticated, remote
    attacker to cause a denial of service condition on an affected
    device. The vulnerability is due to a heap buffer overflow read.
    An attacker could exploit this vulnerability by sending a crafted
    ARJ file to an affected device. An exploit could allow the
    attacker to cause the ClamAV scanning process crash, resulting
    in a denial of service condition.

CVE-2020-3341

    A vulnerability in the PDF archive parsing module in Clam
    AntiVirus (ClamAV) could allow an unauthenticated, remote
    attacker to cause a denial of service condition on an affected
    device. The vulnerability is due to a stack buffer overflow read.
    An attacker could exploit this vulnerability by sending a crafted
    PDF file to an affected device. An exploit could allow the
    attacker to cause the ClamAV scanning process crash, resulting
    in a denial of service condition.

For Debian 8 "Jessie", these problems have been fixed in version
0.101.5+dfsg-0+deb8u2.

We recommend that you upgrade your clamav packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Best,
Utkarsh
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl7Ea4cACgkQgj6WdgbD
S5ZB2g//fhWRGPN9pZFmfkaIBHnEjldbwCFFM1bnUN6SpKd4znDymE53CmSPjnrz
JZKEn6Oc2xLrgMcP6wVcbKzbjgXX1+DNUpi5Pw7TKxnjULHPTuqkbM8BihGOIXnp
002NyLy6lSEZs1B/SWMNCx8Kyas/R5hmo11VwlldCKuKEd4M9qtbXypm1ukmmS0W
uoHPLVIlEaDn6ZCavJVCEpEV9j42h5gRkAK+6eCaBai1ta21R+oiWDr87KCx70ia
w3p01yWaqPJjPaWCGkfJmGraN5d5814wxniSvCExlFxs8mylZ7WFupqb088Mi8xc
heLRQe2KkGxtbsVRBWKrACBOHn+9e3K8edRJwp3DK1rSDG3kafnnxRAaTjRmIfLk
d2nGh1/WOU8XIXUpVvremT0PbfP33J1FC8f3qAa7WYZyZnHalYl7IV/VKe/lByst
9bcKz/X45NhWb5gvruhSnm+Pz0T5Og4bbK2DTuEYadDoMeAzZGgZudFCSkU59TqF
6ynh/vN/va40TLz3jPdom6QduE3ToBdMEK1ltcxaBcSSQndQqMcpgGRWK6D/GXmU
TOUyIdAXk5KrFKKO/Eca9q5lJnGlx3jffplexOukXX2CJqC1jolJRJNdCmX00U3m
/BuJKW/Ev8BTLgsa/Qnkjx34/e975I8RM4YVNzupcRthBT5KOSc=
=rRd3
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2213-1] exim4 security update
Next by Date: [SECURITY] [DLA 2216-1] ruby-rack security update
Previous by thread: [SECURITY] [DLA 2213-1] exim4 security update
Next by thread: [SECURITY] [DLA 2216-1] ruby-rack security update
Index(es):
- Date
- Thread