Headline
Ubuntu Security Notice USN-6303-2
Ubuntu Security Notice 6303-2 - USN-6303-1 fixed a vulnerability in ClamAV. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. It was discovered that ClamAV incorrectly handled parsing HFS+ files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service.
==========================================================================
Ubuntu Security Notice USN-6303-2
August 21, 2023

clamav vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

ClamAV could be made to crash if it opened a specially crafted file.

Software Description:
- clamav: Anti-virus utility for Unix

Details:

USN-6303-1 fixed a vulnerability in ClamAV. This update provides
the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS,
and Ubuntu 18.04 LTS.

Original advisory details:

 It was discovered that ClamAV incorrectly handled parsing HFS+ files. A
 remote attacker could possibly use this issue to cause ClamAV to crash,
 resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  clamav 0.103.9+dfsg-0ubuntu0.18.04.1+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  clamav 0.103.9+dfsg-0ubuntu0.16.04.1+esm1

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
  clamav 0.103.9+dfsg-0ubuntu0.14.04.1+esm1

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References:
  https://ubuntu.com/security/notices/USN-6303-2
  https://ubuntu.com/security/notices/USN-6303-1
  CVE-2023-20197
Related news
Dell vApp Manager versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote attacker could potentially exploit this vulnerability to read arbitrary files from the target system.
Ubuntu Security Notice 6303-1 - It was discovered that ClamAV incorrectly handled parsing HFS+ files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service.
A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is decompressed, which may result in a loop condition that could cause the affected software to stop responding. An attacker could exploit this vulnerability by submitting a crafted HFS+ filesystem image to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to stop responding, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog.