Ubuntu Update For Clamav Vulnerabilities USN-1031-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1031-1

Solution

Please Install the Updated Packages.

Insight

Arkadiusz Miskiewicz and others discovered that the PDF processing code in libclamav improperly validated input. This could allow a remote attacker to craft a PDF document that could crash clamav or possibly execute arbitrary code. (CVE-2010-4260, CVE-2010-4479) It was discovered that an off-by-one error in the icon_cb function in pe_icons.c in libclamav could allow an attacker to corrupt memory, causing clamav to crash or possibly execute arbitrary code. (CVE-2010-4261) In the default installation, attackers would be isolated by the clamav AppArmor profile.

Affected

clamav vulnerabilities on Ubuntu 10.04 LTS , Ubuntu 10.10

Severity

Classification

CVE CVE-2010-4260, CVE-2010-4261, CVE-2010-4479

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Ubuntu Update for bash USN-2380-1
Ubuntu Update for Firefox 3.5 and Xulrunner vulnerabilities USN-921-1
Ubuntu Update for dhcp3 vulnerability USN-1108-1
Ubuntu Update for evolution vulnerabilities USN-615-1
Ubuntu Update for devscripts USN-1593-1

Ubuntu Update for clamav vulnerabilities USN-1031-1

Take action and discover your vulnerabilities