ALAS-2019-1213


Amazon Linux AMI Security Advisory: ALAS-2019-1213
Advisory Release Date: 2019-05-20 19:09 Pacific
Severity: Important

Issue Overview:

An out-of-bounds heap read condition may occur when scanning PDF documents. The defect is a failure to correctly keep track of the number of bytes remaining in a buffer when indexing file data. (CVE-2019-1787 )

An out-of-bounds heap read condition may occur when scanning PE files (i.e. Windows EXE and DLL files) that have been packed using Aspack as a result of inadequate bound-checking. (CVE-2019-1789 )

An out-of-bounds heap write condition may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents. The invalid write happens when an invalid pointer is mistakenly used to initialize a 32bit integer to zero. This is likely to crash the application. (CVE-2019-1788 )


Affected Packages:

clamav


Issue Correction:
Run yum update clamav to update your system.

New Packages:
i686:
    clamav-lib-0.101.2-1.38.amzn1.i686
    clamav-update-0.101.2-1.38.amzn1.i686
    clamav-debuginfo-0.101.2-1.38.amzn1.i686
    clamav-0.101.2-1.38.amzn1.i686
    clamd-0.101.2-1.38.amzn1.i686
    clamav-db-0.101.2-1.38.amzn1.i686
    clamav-devel-0.101.2-1.38.amzn1.i686
    clamav-milter-0.101.2-1.38.amzn1.i686

noarch:
    clamav-data-0.101.2-1.38.amzn1.noarch
    clamav-filesystem-0.101.2-1.38.amzn1.noarch

src:
    clamav-0.101.2-1.38.amzn1.src

x86_64:
    clamav-lib-0.101.2-1.38.amzn1.x86_64
    clamav-devel-0.101.2-1.38.amzn1.x86_64
    clamav-db-0.101.2-1.38.amzn1.x86_64
    clamav-debuginfo-0.101.2-1.38.amzn1.x86_64
    clamd-0.101.2-1.38.amzn1.x86_64
    clamav-0.101.2-1.38.amzn1.x86_64
    clamav-milter-0.101.2-1.38.amzn1.x86_64
    clamav-update-0.101.2-1.38.amzn1.x86_64