UbuntuUpdates.org

Package "clamav"

Name: clamav

Description:

anti-virus utility for Unix - command-line interface

Latest version: 1.5.3+dfsg-0ubuntu0.24.04.1
Release: noble (24.04)
Level: security
Repository: main
Homepage: https://www.clamav.net/

Links


Download "clamav"


Other versions of "clamav" in Noble

Repository Area Version
base universe 1.0.5+dfsg-1.1ubuntu3
base main 1.0.5+dfsg-1.1ubuntu3
security universe 1.5.3+dfsg-0ubuntu0.24.04.1
updates main 1.5.3+dfsg-0ubuntu0.24.04.1
updates universe 1.5.3+dfsg-0ubuntu0.24.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.5.3+dfsg-0ubuntu0.24.04.1 2026-07-08 16:08:28 UTC

  clamav (1.5.3+dfsg-0ubuntu0.24.04.1) noble-security; urgency=medium

  * Update to 1.5.3 to fix security issues and FIPS compatibility
    - debian/watch: switch to 1.5.*.
    - upstream/signing-key.asc: updated.
    - debian/rules: bump CL_FLEVEL to 233.
    - debian/libclamav12.symbols: updated symbols to new version.
    - debian/*postinst.in: added new options.
    - debian/libclamav12.install: bump so versions.
    - debian/clamav-freshclam.*: added new /etc/clamav/certs directory.
    - debian/usr.bin.freshclam, debian/usr.sbin.clamd: add
      /etc/clamav/certs to profile.
    - CVE-2026-20213, CVE-2026-20214, CVE-2026-20215, CVE-2026-20216,
      CVE-2026-20217, CVE-2026-20243, CVE-2026-20244

 -- Marc Deslauriers <email address hidden> Thu, 02 Jul 2026 08:07:08 -0400

Source diff to previous version
CVE-2026-20213 A vulnerability in the PE file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other ex
CVE-2026-20214 A vulnerability in the FSG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other e
CVE-2026-20215 A vulnerability in the 7z file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other ex
CVE-2026-20216 A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affe
CVE-2026-20217 A vulnerability in the PESpin file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly othe
CVE-2026-20243 A vulnerability in the ALZ file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other e
CVE-2026-20244 A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other e

Version: 1.4.4+dfsg-0ubuntu0.24.04.1 2026-04-27 13:11:03 UTC

  clamav (1.4.4+dfsg-0ubuntu0.24.04.1) noble-security; urgency=medium

  * Updated to version 1.4.4 to fix security issue.
    - debian/rules: bump CL_FLEVEL to 214, set DH_ALWAYS_EXCLUDE = *.orig.
    - debian/libclamav12.symbols: updated symbols to new version.
    - debian/control, debian/rules: build with rustc 1.91.
    - CVE-2026-20031

 -- Marc Deslauriers <email address hidden> Tue, 14 Apr 2026 06:02:01 -0400

Source diff to previous version
CVE-2026-20031 A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of servic

Version: 1.4.3+dfsg-0ubuntu0.24.04.1 2025-07-02 17:55:24 UTC

  clamav (1.4.3+dfsg-0ubuntu0.24.04.1) noble-security; urgency=medium

  * Rebuild as security update for Ubuntu 24.04 LTS.
    - CVE-2025-20234
    - CVE-2025-20260

 -- Marc Deslauriers <email address hidden> Wed, 25 Jun 2025 13:10:29 -0400

Source diff to previous version
CVE-2025-20234 A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS
CVE-2025-20260 A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a

Version: 1.0.8+dfsg-0ubuntu0.24.04.1 2025-01-27 18:06:59 UTC

  clamav (1.0.8+dfsg-0ubuntu0.24.04.1) noble-security; urgency=medium

  * Updated to version 1.0.8 to fix security issue.
    - debian/rules: bump CL_FLEVEL to 168.
    - debian/libclamav11t64.symbols: updated CLAMAV_PRIVATE and
      cl_retflevel symbols to new version.
    - CVE-2025-20128

 -- Marc Deslauriers <email address hidden> Thu, 23 Jan 2025 12:29:13 -0500

Source diff to previous version
CVE-2025-20128 A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a

Version: 1.0.7+dfsg-0ubuntu0.24.04.1 2024-09-16 15:07:09 UTC

  clamav (1.0.7+dfsg-0ubuntu0.24.04.1) noble-security; urgency=medium

  * Updated to version 1.0.7 to fix security issues.
    - debian/rules: bump CL_FLEVEL to 167.
    - debian/libclamav11t64.symbols: updated CLAMAV_PRIVATE and
      cl_retflevel symbols to new version.
    - debian/patches/resolve-armhf-ftbfs.patch: removed, no longer needed.
    - CVE-2024-20505
    - CVE-2024-20506

 -- Marc Deslauriers <email address hidden> Fri, 06 Sep 2024 14:27:14 -0400

CVE-2024-20505 A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior ve
CVE-2024-20506 A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior



About   -   Send Feedback to @ubuntu_updates