Debian Long Term Support / LTS Security Information / 2018 / Security Information -- DLA-1553-1 clamav

Debian Security Advisory

DLA-1553-1 clamav -- LTS security update

Date Reported:

24 Oct 2018

Affected Packages:

clamav

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 910430.
In Mitre's CVE dictionary: CVE-2018-15378.

More information:

ClamAV is an anti-virus utility for Unix, whose upstream developers have released the version 0.100.2. Installing this new version is required to make use of all current virus signatures and to avoid warnings.

This version also fixes a security issue discovered after version 0.100.1:

• CVE-2018-15378

  A vulnerability in ClamAV's MEW unpacker may allow unauthenticated remote offenders to cause a denial of service (DoS) via a specially crafted EXE file.

For Debian 8 Jessie, this problem has been fixed in version 0.100.2+dfsg-0+deb8u1.

We recommend that you upgrade your clamav packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS