Ubuntu Security Notice 3814-2 - USN-3814-1 fixed several vulnerabilities in libmspack. In Ubuntu 14.04 libmspack is included into ClamAV. This update provides the corresponding update for Ubuntu 14.04 LTS. It was discovered libmspack incorrectly handled certain malformed CAB files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service. Various other issues were also addressed.
92e549bdac13ce558a86e5587ee1c93eb04c9c3c66fc3abca26482d39cba82ff
==========================================================================
Ubuntu Security Notice USN-3814-2
November 13, 2018
clamav vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in ClamAV.
Software Description:
- clamav: Anti-virus utility for Unix
Details:
USN-3814-1 fixed several vulnerabilities in libmspack. In Ubuntu
14.04
libmspack is included into ClamAV. This update provides the
corresponding update for Ubuntu 14.04 LTS.
Original advisory details:
It was discovered libmspack incorrectly handled certain malformed
CAB files.
A remote attacker could use this issue to cause libmspack to
crash, resulting
in a denial of service. (CVE-2018-18584, CVE-2018-18585)
Update instructions:
The problem can be corrected by updating your system to the
following
package versions:
Ubuntu 14.04 LTS:
clamav 0.100.2+dfsg-1ubuntu0.14.04.2
In general, a standard system update will make all the necessary
changes.
References:
https://usn.ubuntu.com/usn/usn-3814-2
https://usn.ubuntu.com/usn/usn-3814-1
CVE-2018-18584, CVE-2018-18585
Package Information:
https://launchpad.net/ubuntu/+source/clamav/0.100.2+dfsg-1ubuntu0.14.04.2