Headline
Ubuntu Security Notice USN-5887-1
Ubuntu Security Notice 5887-1 - Simon Scannell discovered that ClamAV incorrectly handled parsing HFS+ files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or execute arbitrary code. Simon Scannell discovered that ClamAV incorrectly handled parsing DMG files. A remote attacker could possibly use this issue to expose sensitive information.
==========================================================================
Ubuntu Security Notice USN-5887-1
February 27, 2023
clamav vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in ClamAV.
Software Description:
- clamav: Anti-virus utility for Unix
Details:
Simon Scannell discovered that ClamAV incorrectly handled parsing
HFS+ files. A remote attacker could possibly use this issue
to cause ClamAV to crash, resulting in a denial of service,
or execute arbitrary code. (CVE-2023-20032)
Simon Scannell discovered that ClamAV incorrectly handled parsing
DMG files. A remote attacker could possibly use this issue
to expose sensitive information. (CVE-2023-20052)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.10:
clamav 0.103.8+dfsg-0ubuntu0.22.10.1
Ubuntu 22.04 LTS:
clamav 0.103.8+dfsg-0ubuntu0.22.04.1
Ubuntu 20.04 LTS:
clamav 0.103.8+dfsg-0ubuntu0.20.04.1
Ubuntu 18.04 LTS:
clamav 0.103.8+dfsg-0ubuntu0.18.04.1
Ubuntu 16.04 ESM:
clamav 0.103.8+dfsg-0ubuntu0.16.04.1+esm1
Ubuntu 14.04 ESM:
clamav 0.103.8+dfsg-0ubuntu0.14.04.1+esm1
This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.
References:
https://ubuntu.com/security/notices/USN-5887-1
CVE-2023-20032, CVE-2023-20052
Package Information:
https://launchpad.net/ubuntu/+source/clamav/0.103.8+dfsg-0ubuntu0.22.10.1
https://launchpad.net/ubuntu/+source/clamav/0.103.8+dfsg-0ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/clamav/0.103.8+dfsg-0ubuntu0.20.04.1
https://launchpad.net/ubuntu/+source/clamav/0.103.8+dfsg-0ubuntu0.18.04.1
Related news
Gentoo Linux Security Advisory 202310-1 - Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution. Versions greater than or equal to 0.103.7 are affected.
An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component.
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition. For a description of this vulnerability, see the ClamAV blog ["https://blog.clamav.net/"].
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process.
Patch released for bug that poses a critical risk to vulnerable technologies
Patch released for bug that poses a critical risk to vulnerable technologies
Cisco has rolled out security updates to address a critical flaw reported in the ClamAV open source antivirus engine that could lead to remote code execution on susceptible devices. Tracked as CVE-2023-20032 (CVSS score: 9.8), the issue relates to a case of remote code execution residing in the HFS+ file parser component. The flaw affects versions 1.0.0 and earlier, 0.105.1 and earlier, and
Cisco has rolled out security updates to address a critical flaw reported in the ClamAV open source antivirus engine that could lead to remote code execution on susceptible devices. Tracked as CVE-2023-20032 (CVSS score: 9.8), the issue relates to a case of remote code execution residing in the HFS+ file parser component. The flaw affects versions 1.0.0 and earlier, 0.105.1 and earlier, and