Ubuntu Security Notice USN-6636-1
Ubuntu Security Notice 6636-1 - It was discovered that ClamAV incorrectly handled parsing certain OLE2 files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Amit Schendel discovered that the ClamAV ClamD service incorrectly handled the VirusEvent feature. An attacker able to connect to ClamD could possibly use this issue to execute arbitrary code.
==========================================================================
Ubuntu Security Notice USN-6636-1
February 14, 2024

clamav vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10

Summary:

Several security issues were fixed in ClamAV.

Software Description:
- clamav: Anti-virus utility for Unix

Details:

It was discovered that ClamAV incorrectly handled parsing certain OLE2
files. A remote attacker could possibly use this issue to cause ClamAV to
crash, resulting in a denial of service. (CVE-2024-20290)

Amit Schendel discovered that the ClamAV ClamD service incorrectly handled
the VirusEvent feature. An attacker able to connect to ClamD could possibly
use this issue to execute arbitrary code. (CVE-2024-20328)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
  clamav 1.0.5+dfsg-0ubuntu0.23.10.1

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References:
  https://ubuntu.com/security/notices/USN-6636-1
  CVE-2024-20290, CVE-2024-20328

Package Information:
  https://launchpad.net/ubuntu/+source/clamav/1.0.5+dfsg-0ubuntu0.23.10.1
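
A host check for the two items in this notice, added here as an example and not part of the Ubuntu notice: it compares the installed package version against the fixed version listed above and reports whether the VirusEvent feature is enabled in the clamd configuration. The configuration path `/etc/clamav/clamd.conf`, the `clamav-daemon` package name and all function names are assumptions of this example.

```bash
#!/bin/sh
# Added example: host check for USN-6636-1. Not part of the Ubuntu notice.
FIXED_VERSION='1.0.5+dfsg-0ubuntu0.23.10.1'  # from the notice (Ubuntu 23.10 only)
CLAMD_CONF='/etc/clamav/clamd.conf'          # assumption: Ubuntu package default

# Succeeds if Debian version string $1 is at or above the fixed version.
version_is_fixed() {
    dpkg --compare-versions "$1" ge "$FIXED_VERSION"
}

# Prints active (uncommented) VirusEvent directives found in config file $1.
# Succeeds only if at least one exists. Matching is case-insensitive so an
# unusual spelling is reported rather than missed.
virusevent_lines() {
    grep -iE '^[[:space:]]*VirusEvent[[:space:]]+[^[:space:]]' "$1"
}

check_host() {
    release=$(. /etc/os-release 2>/dev/null && printf '%s' "${VERSION_ID:-}") || release=''
    [ "$release" = "23.10" ] ||
        echo "note: the notice lists only Ubuntu 23.10; found '${release:-unknown}'"

    # clamav-daemon ships clamd on Ubuntu; the notice itself names only clamav.
    for pkg in clamav clamav-daemon; do
        installed=$(dpkg-query -W -f='${Version}' "$pkg" 2>/dev/null) || installed=''
        if [ -z "$installed" ]; then
            echo "$pkg: not installed"
        elif version_is_fixed "$installed"; then
            echo "$pkg $installed: at or above $FIXED_VERSION"
        else
            echo "$pkg $installed: UPDATE NEEDED (fixed in $FIXED_VERSION)"
        fi
    done

    if active=$(virusevent_lines "$CLAMD_CONF" 2>/dev/null); then
        echo "VirusEvent is enabled in $CLAMD_CONF (feature named in CVE-2024-20328):"
        echo "$active"
    else
        echo "no active VirusEvent directive in $CLAMD_CONF"
    fi
}

# Run the host check when invoked as: sh usn-6636-check.sh run
if [ "${1:-}" = "run" ]; then check_host; fi
```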