[USN-4615-1] Yerase's TNEF vulnerabilities

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[USN-4615-1] Yerase's TNEF vulnerabilities

Paulo Flabiano Smorigo
==========================================================================
Ubuntu Security Notice USN-4615-1
November 03, 2020

libytnef vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Yerase's TNEF could be made to crash if it received specially crafted
input.

Software Description:
- libytnef: Yerases TNEF Stream Reader library

Details:

It was discovered that Yerase's TNEF had null pointer dereferences, infinite
loop, buffer overflow, out of bounds reads, directory traversal issues and
other vulnerabilities. An attacker could use those issues to cause a crash
and consequently a denial of service. (CVE-2017-6298, CVE-2017-6299,
CVE-2017-6300, CVE-2017-6301, CVE-2017-6302, CVE-2017-6303, CVE-2017-6304,
CVE-2017-6305, CVE-2017-6306, CVE-2017-6800, CVE-2017-6801, CVE-2017-6802)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  libytnef0                       1.5-9ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://usn.ubuntu.com/4615-1
  CVE-2017-6298, CVE-2017-6299, CVE-2017-6300, CVE-2017-6301,
  CVE-2017-6302, CVE-2017-6303, CVE-2017-6304, CVE-2017-6305,
  CVE-2017-6306, CVE-2017-6800, CVE-2017-6801, CVE-2017-6802

Package Information:
  https://launchpad.net/ubuntu/+source/libytnef/1.5-9ubuntu0.1

--
ubuntu-security-announce mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

signature.asc (849 bytes) Download Attachment