-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ----------------------------------------------------------------------- Debian LTS Advisory DLA-2626-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta April 14, 2021 https://wiki.debian.org/LTS - -----------------------------------------------------------------------
Package : clamav Version : 0.102.4+dfsg-0+deb9u2 CVE ID : CVE-2021-1405 Debian Bug : 986622 986790 A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initialization that may result in an NULL pointer read. An attacker could exploit this vulnerability by sending a crafted email to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. For Debian 9 stretch, this problem has been fixed in version 0.102.4+dfsg-0+deb9u2. We recommend that you upgrade your clamav packages. For the detailed security status of clamav please refer to its security tracker page at: https://security-tracker.debian.org/tracker/clamav Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmB2r2oACgkQgj6WdgbD S5Y3Ng/+MstA2Zx9JsUMlAQfDSGBtUS3BpkgbZ8j6Gt6ZJDBx6owK07+YN9A/e50 cmjGSq5qmpBRTAc3V2EVRsAdtz6h7u/q8gboLiauzVXFgi5vX7ka3IRPxQTVUGxF Ic3JUcnrQ/QCgSmn8bmxLZaTTqNoFFeSBMQVvOwI36CViQ7fsQp9TLTAe8l+rLzk J0v72R2ttzK8dcJIsBLh7AmFGoMSOmi26NlHR2mDVJI6KHC6ZdeUO0OXOU3R/8rN wIgWN6p6XdXGeMR54/l+XLimsPVRAcyCDV8sHicGsM5bIbrDIlJ7fzmnsjHVdbkd yrAliXjQIfMeLcI+HavGBUSi/UTtSr1LmDC7xgA/06A9f4o54p8qV9cpy1zvHUrS nVYgBahyOTg5xQ2tVkEWbHNXvsfcplKsYpZrVlXWBt50anB9f1meoEzN7jqLKHCi 9iD4z19EjTETwQ+4iBPISwNPdKhi9LMUnH0xbj2wclyafY6jd2uZgeGhfoDG4qet ZbcNXnRo5U8omxbl74mQw077QRUnh+2j94LNpuOoIe0VKO+6w6oBGbtHCeP8jX6h 2iLCy2jWIfXKmZc4eVyT2qP/niAbRl+tRPYMtaKBua8Xly04y3B/tzaPq3CVICvG W/qRWJvie1aKbSYgAhpmjC+ec9+S3vHw0bQim9luGlRWDL36pqA= =/+cN -----END PGP SIGNATURE-----
