Operating System:

[WIN][UNIX/Linux]

Published:

18 March 2013

Protect yourself against future threats.

//Service

Sensitive Information Alert

Alert notification provided via email for sensitive material found online by our analyst team which specifically targets your organisation.

Read more
Resources > Security Bulletins > ASB-2013.0039 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2013.0039
               A vulnerability has been identified in ClamAV
                               18 March 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              ClamAV
Operating System:     Windows
                      UNIX variants (UNIX, Linux, OSX)
Impact/Access:        Reduced Security -- Unknown/Unspecified
Resolution:           Patch/Upgrade
Member content until: Wednesday, April 17 2013

OVERVIEW

        Multiple vulnerabilities have been identified in ClamAV prior to 
        version 0.97.7. [1]


IMPACT

        The vendor has provided the following description regarding this 
        issue:
        
        "ClamAV 0.97.7 addresses several reported potential security bugs. 
        Thanks to Felix Groebert, Mateusz Jurczyk and Gynvael Coldwind of 
        the Google Security Team for finding and reporting these issues." [1]


MITIGATION

        The vendor recommends updating to the latest version of ClamAV
        to correct this issue. [1]


REFERENCES

        [1] ClamAV 0.97.7 has been released!
            http://www.clamav.net/lang/en/2013/03/17/clamav-0-97-7-has-been-released/

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBUUaUAe4yVqjM2NGpAQLaag//Ul4YwOhSwPJ6YvNQsSLW2/9ReLYekJaV
HgitipEaOfO2pczZfyyogcfAzOAmK8XHjObCx3P4JGH1j6i9ZpEsfeNtlU+d9yQL
Y+B9K3V3BlUX5sg7RmMIENOptiS1uYeyzHT63aD33BIztK3Jm2ijgLzpuO4bkW3T
CgmSNc/sgFPHYzErhVxBpXdtoFHpYoIZXu36hTJFgyBTc2BeLAe8/NG59tBM1nFM
cDwG7h7KGr5Ywco2ovBtONvgQzS6qwtcABV0NMf71wYo7v05aur5yPh4gECP/AEa
aLrn7OwqpZl1bQieZLQgNy6iNkQ1Y7irdeIU39LfKMOGyUHvNuzRbeZyieP1aj08
SoSDdrzUPTxzJtCmN5RafNkTzlwBVLovQT//87U0X2IySA4PfTdK9HXDbnp0Gimm
S/U48r5/m+4k6enhVEHKHALGuYAIy4pqhFBrYAz0VT/bRIk+yy2yqvS1Fb2jft/I
WlDnkhzck2EDzj0Zd/YNpcbXv83EoLIvbVO45JFnia9VV5zmbUtFN+Gl7nRoFKlI
tP7jbJ59HxhwhiPepeF/2p40Lc1ufNuGK0nBIcbLkVeLzKTvA5hdrV46NsBye/ka
pVRLzq+VCxCHhnQDGSdaP+LclImxH8upfg7MS3G9YFs7sAhzjiCI4fWqtt/mppKU
gtWDyOAT5Qs=
=ggob
-----END PGP SIGNATURE-----