========================================================================== Ubuntu Security Notice USN-3722-1 July 24, 2018 clamav vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: ClamAV could be made to hang if it opened a specially crafted file. Software Description: - clamav: Anti-virus utility for Unix Details: It was discovered that ClamAV incorrectly handled parsing certain HWP files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. (CVE-2018-0360) It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. (CVE-2018-0361) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: clamav 0.100.1+dfsg-1ubuntu0.18.04.1 Ubuntu 16.04 LTS: clamav 0.100.1+dfsg-1ubuntu0.16.04.1 Ubuntu 14.04 LTS: clamav 0.100.1+dfsg-1ubuntu0.14.04.1 This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/usn/usn-3722-1 CVE-2018-0360, CVE-2018-0361 Package Information: https://launchpad.net/ubuntu/+source/clamav/0.100.1+dfsg-1ubuntu0.18.04.1 https://launchpad.net/ubuntu/+source/clamav/0.100.1+dfsg-1ubuntu0.16.04.1 https://launchpad.net/ubuntu/+source/clamav/0.100.1+dfsg-1ubuntu0.14.04.1