Important: clamav

2019-05-16T23:16:00
ID ALAS-2019-1213
Type amazon
Reporter Amazon
Modified 2019-05-20T19:09:00

Description

Issue Overview:

An out-of-bounds heap read condition may occur when scanning PDF documents. The defect is a failure to correctly keep track of the number of bytes remaining in a buffer when indexing file data. (CVE-2019-1787)

An out-of-bounds heap read condition may occur when scanning PE files (i.e. Windows EXE and DLL files) that have been packed using Aspack as a result of inadequate bound-checking. (CVE-2019-1789)

An out-of-bounds heap write condition may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents. The invalid write happens when an invalid pointer is mistakenly used to initialize a 32bit integer to zero. This is likely to crash the application. (CVE-2019-1788)

Affected Packages:

clamav

Issue Correction:
Run yum update clamav to update your system.

New Packages:

i686:  
    clamav-lib-0.101.2-1.38.amzn1.i686  
    clamav-update-0.101.2-1.38.amzn1.i686  
    clamav-debuginfo-0.101.2-1.38.amzn1.i686  
    clamav-0.101.2-1.38.amzn1.i686  
    clamd-0.101.2-1.38.amzn1.i686  
    clamav-db-0.101.2-1.38.amzn1.i686  
    clamav-devel-0.101.2-1.38.amzn1.i686  
    clamav-milter-0.101.2-1.38.amzn1.i686

noarch:  
    clamav-data-0.101.2-1.38.amzn1.noarch  
    clamav-filesystem-0.101.2-1.38.amzn1.noarch

src:  
    clamav-0.101.2-1.38.amzn1.src

x86_64:  
    clamav-lib-0.101.2-1.38.amzn1.x86_64  
    clamav-devel-0.101.2-1.38.amzn1.x86_64  
    clamav-db-0.101.2-1.38.amzn1.x86_64  
    clamav-debuginfo-0.101.2-1.38.amzn1.x86_64  
    clamd-0.101.2-1.38.amzn1.x86_64  
    clamav-0.101.2-1.38.amzn1.x86_64  
    clamav-milter-0.101.2-1.38.amzn1.x86_64  
    clamav-update-0.101.2-1.38.amzn1.x86_64