[Bug 1745635] Re: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380)
** Changed in: clamav (Fedora) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1745635 Title: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1745635/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1745635] Re: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380)
** Changed in: clamav (Ubuntu Precise) Status: Confirmed => Fix Released ** Changed in: clamav (Ubuntu Bionic) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1745635 Title: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1745635/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1745635] Re: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380)
** Changed in: clamav (Fedora) Status: Fix Released => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1745635 Title: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1745635/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1745635] Re: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380)
These are now published: https://usn.ubuntu.com/usn/usn-3550-1/ ** Changed in: clamav (Ubuntu Trusty) Status: Confirmed => Fix Released ** Changed in: clamav (Ubuntu Xenial) Status: Confirmed => Fix Released ** Changed in: clamav (Ubuntu Artful) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1745635 Title: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1745635/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1745635] Re: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380)
** Changed in: clamav (Suse) Status: Unknown => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1745635 Title: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1745635/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1745635]
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2018-02-05. When done, reassign the bug to security-t...@suse.de. https://swamp.suse.de/webswamp/wf/63957 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1745635 Title: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1745635/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1745635]
all done -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1745635 Title: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1745635/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1745635] Re: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380)
** Changed in: clamav (Fedora) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1745635 Title: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1745635/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1745635] Re: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380)
** Changed in: clamav (Debian) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1745635 Title: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1745635/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1745635] Re: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380)
** Also affects: clamav (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: clamav (Ubuntu Artful) Importance: Undecided Status: New ** Also affects: clamav (Ubuntu Bionic) Importance: Undecided Status: Confirmed ** Also affects: clamav (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: clamav (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: clamav (Ubuntu Trusty) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: clamav (Ubuntu Xenial) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: clamav (Ubuntu Artful) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: clamav (Ubuntu Bionic) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: clamav (Ubuntu Trusty) Status: New => Confirmed ** Changed in: clamav (Ubuntu Xenial) Status: New => Confirmed ** Changed in: clamav (Ubuntu Artful) Status: New => Confirmed ** Changed in: clamav (Ubuntu Precise) Status: New => Confirmed ** Changed in: clamav (Ubuntu Precise) Assignee: (unassigned) => Leonidas S. Barbosa (leosilvab) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1745635 Title: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1745635/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1745635]
openSUSE-SU-2018:0258-1: An update that fixes 11 vulnerabilities is now available. Category: security (important) Bug References: 1040662,1049423,1052448,1052449,1052466,1077732 CVE References: CVE-2017-11423,CVE-2017-12374,CVE-2017-12375,CVE-2017-12376,CVE-2017-12377,CVE-2017-12378,CVE-2017-12379,CVE-2017-12380,CVE-2017-6418,CVE-2017-6419,CVE-2017-6420 Sources used: openSUSE Leap 42.3 (src):clamav-0.99.3-20.1 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1745635 Title: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1745635/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1745635] Re: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380)
** Changed in: clamav (Suse) Status: Confirmed => Unknown ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-11423 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6418 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6419 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6420 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1745635 Title: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1745635/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1745635]
SUSE-SU-2018:0255-1: An update that fixes 11 vulnerabilities is now available. Category: security (important) Bug References: 1040662,1049423,1052448,1052449,1052466,1077732 CVE References: CVE-2017-11423,CVE-2017-12374,CVE-2017-12375,CVE-2017-12376,CVE-2017-12377,CVE-2017-12378,CVE-2017-12379,CVE-2017-12380,CVE-2017-6418,CVE-2017-6419,CVE-2017-6420 Sources used: SUSE OpenStack Cloud 6 (src):clamav-0.99.3-33.5.1 SUSE Linux Enterprise Server for SAP 12-SP1 (src):clamav-0.99.3-33.5.1 SUSE Linux Enterprise Server for SAP 12 (src):clamav-0.99.3-33.5.1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): clamav-0.99.3-33.5.1 SUSE Linux Enterprise Server 12-SP3 (src):clamav-0.99.3-33.5.1 SUSE Linux Enterprise Server 12-SP2 (src):clamav-0.99.3-33.5.1 SUSE Linux Enterprise Server 12-SP1-LTSS (src):clamav-0.99.3-33.5.1 SUSE Linux Enterprise Server 12-LTSS (src):clamav-0.99.3-33.5.1 SUSE Linux Enterprise Desktop 12-SP3 (src):clamav-0.99.3-33.5.1 SUSE Linux Enterprise Desktop 12-SP2 (src):clamav-0.99.3-33.5.1 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1745635 Title: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1745635/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1745635]
SUSE-SU-2018:0254-1: An update that fixes 11 vulnerabilities is now available. Category: security (important) Bug References: 1049423,1052448,1052449,1052466,1077732 CVE References: CVE-2017-11423,CVE-2017-12374,CVE-2017-12375,CVE-2017-12376,CVE-2017-12377,CVE-2017-12378,CVE-2017-12379,CVE-2017-12380,CVE-2017-6418,CVE-2017-6419,CVE-2017-6420 Sources used: SUSE Linux Enterprise Server 11-SP4 (src):clamav-0.99.3-0.20.3.2 SUSE Linux Enterprise Server 11-SP3-LTSS (src):clamav-0.99.3-0.20.3.2 SUSE Linux Enterprise Point of Sale 11-SP3 (src):clamav-0.99.3-0.20.3.2 SUSE Linux Enterprise Debuginfo 11-SP4 (src):clamav-0.99.3-0.20.3.2 SUSE Linux Enterprise Debuginfo 11-SP3 (src):clamav-0.99.3-0.20.3.2 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1745635 Title: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1745635/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1745635]
Maintenance updates with ClamAV 0.99.3 have just been released and the packages should appear soon in the repositories. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1745635 Title: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1745635/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1745635] Re: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380)
** Changed in: clamav (Fedora) Status: Confirmed => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1745635 Title: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1745635/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1745635] Re: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380)
ow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in the message parsing function on an affected system. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition or execute arbitrary code on an affected device. https://bugzilla.clamav.net/show_bug.cgi?id=11944 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L /A:L CVE-2017-12380 7. ClamAV Null Dereference Vulnerability ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms during certain mail parsing functions of the ClamAV software. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. An exploit could trigger a NULL pointer dereference condition when ClamAV scans the malicious email, which may result in a DoS condition. https://bugzilla.clamav.net/show_bug.cgi?id=11945 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Also included are 2 minor fixes to properly detect openssl install locations on FreeBSD 11, and prevent false warnings about zlib 1.2.1# version numbers. Thank you to the following ClamAV community members for your code submissions and bug reports! Alberto Garcia Daniel J. Luke Francisco Oca Sebastian A. Siewior Suleman Ali Special thanks to Offensive Research at Salesforce.com for responsible disclosure. Reply at: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1745635/comments/0 On 2018-01-26T11:55:53+00:00 Meissner-i wrote: https://www.heise.de/security/meldung/Jetzt-patchen-Angriffe-auf-Viren- Scanner-ClamAV-3951801.html Reply at: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1745635/comments/1 On 2018-01-26T17:00:23+00:00 Swamp-a wrote: This is an autogenerated message for OBS integration: This bug (1077732) was mentioned in https://build.opensuse.org/request/show/569980 Factory / clamav Reply at: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1745635/comments/5 ** Changed in: clamav (Suse) Status: Unknown => Confirmed ** Changed in: clamav (Suse) Importance: Unknown => Medium ** Bug watch added: bugzilla.clamav.net/ #11939 https://bugzilla.clamav.net/show_bug.cgi?id=11939 ** Bug watch added: bugzilla.clamav.net/ #11940 https://bugzilla.clamav.net/show_bug.cgi?id=11940 ** Bug watch added: bugzilla.clamav.net/ #11942 https://bugzilla.clamav.net/show_bug.cgi?id=11942 ** Bug watch added: bugzilla.clamav.net/ #11943 https://bugzilla.clamav.net/show_bug.cgi?id=11943 ** Bug watch added: bugzilla.clamav.net/ #11946 https://bugzilla.clamav.net/show_bug.cgi?id=11946 ** Bug watch added: bugzilla.clamav.net/ #11944 https://bugzilla.clamav.net/show_bug.cgi?id=11944 ** Bug watch added: bugzilla.clamav.net/ #11945 https://bugzilla.clamav.net/show_bug.cgi?id=11945 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1745635 Title: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1745635/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1745635] Re: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380)
** Bug watch added: bugzilla.opensuse.org/ #1077732 https://bugzilla.opensuse.org/show_bug.cgi?id=1077732 ** Also affects: clamav (Suse) via https://bugzilla.opensuse.org/show_bug.cgi?id=1077732 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1745635 Title: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1745635/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1745635] Re: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380)
Launchpad has imported 1 comments from the remote bug at https://bugzilla.redhat.com/show_bug.cgi?id=1539030. If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. On 2018-01-26T13:02:25+00:00 Ruben wrote: Description of problem: Seven CVE's in current clamav (EPEL7 EPEL6) please update urgent to: ClamAV 0.99.3 Please see: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html Reply at: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1745635/comments/0 ** Changed in: clamav (Fedora) Status: Unknown => Confirmed ** Changed in: clamav (Fedora) Importance: Unknown => Critical -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1745635 Title: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1745635/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1745635] Re: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380)
** Bug watch added: Red Hat Bugzilla #1539030 https://bugzilla.redhat.com/show_bug.cgi?id=1539030 ** Also affects: clamav (Fedora) via https://bugzilla.redhat.com/show_bug.cgi?id=1539030 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1745635 Title: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1745635/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1745635] Re: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380)
** Changed in: clamav (Debian) Status: Unknown => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1745635 Title: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1745635/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1745635] Re: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380)
** Summary changed: - Fix Jan 2018 security vulnerabilities in CLAMAV + Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1745635 Title: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1745635/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1745635] Re: Fix Jan 2018 security vulnerabilities in CLAMAV
** Bug watch added: Debian Bug tracker #888484 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888484 ** Also affects: clamav (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888484 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1745635 Title: Fix Jan 2018 security vulnerabilities in CLAMAV To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1745635/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1745635] Re: Fix Jan 2018 security vulnerabilities in CLAMAV
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: clamav (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1745635 Title: Fix Jan 2018 security vulnerabilities in CLAMAV To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1745635/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1745635] [NEW] Fix Jan 2018 security vulnerabilities in CLAMAV
allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms during certain mail parsing functions of the ClamAV software. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. An exploit could trigger a NULL pointer dereference condition when ClamAV scans the malicious email, which may result in a DoS condition. https://bugzilla.clamav.net/show_bug.cgi?id=11945 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Also included are 2 minor fixes to properly detect openssl install locations on FreeBSD 11, and prevent false warnings about zlib 1.2.1# version numbers. Thank you to the following ClamAV community members for your code submissions and bug reports! Alberto Garcia Daniel J. Luke Francisco Oca Sebastian A. Siewior Suleman Ali Special thanks to Offensive Research at Salesforce.com for responsible disclosure. As always you can download the latest copy of ClamAV from our website ClamAV.net/downloads Please continue the discussion on our mailing lists at http://www.clamav.net/contact#ml ** Affects: clamav (Ubuntu) Importance: Undecided Status: New ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12374 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12375 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12376 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12377 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12378 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12379 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12380 ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1745635 Title: Fix Jan 2018 security vulnerabilities in CLAMAV To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1745635/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1745635] Re: Fix Jan 2018 security vulnerabilities in CLAMAV
Official patch: http://www.clamav.net/downloads/production/clamav-0.99.3.tar.gz -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1745635 Title: Fix Jan 2018 security vulnerabilities in CLAMAV To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1745635/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
