[SECURITY] [DLA 839-1] tnef security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 839-1] tnef security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Mon, 27 Feb 2017 22:17:10 +0100 (CET)
Message-id: <[🔎] alpine.DEB.2.02.1702272216210.14990@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : tnef
Version        : 1.4.9-1+deb7u1
CVE ID         : CVE-2017-6307 CVE-2017-6308 CVE-2017-6309 CVE-2017-6310


CVE-2017-6307
     An issue was discovered in tnef before 1.4.13. Two OOB Writes have
     been identified in src/mapi_attr.c:mapi_attr_read(). These might
     lead to invalid read and write operations, controlled by an attacker.

CVE-2017-6308
     An issue was discovered in tnef before 1.4.13. Several Integer
     Overflows, which can lead to Heap Overflows, have been identified
     in the functions that wrap memory allocation.

CVE-2017-6309
     An issue was discovered in tnef before 1.4.13. Two type confusions
     have been identified in the parse_file() function. These might lead
     to invalid read and write operations, controlled by an attacker.

CVE-2017-6310
     An issue was discovered in tnef before 1.4.13. Four type confusions
     have been identified in the file_add_mapi_attrs() function.
     These might lead to invalid read and write operations, controlled
     by an attacker.



For Debian 7 "Wheezy", these problems have been fixed in version
1.4.9-1+deb7u1.

We recommend that you upgrade your tnef packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJYtJdWXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHMs0QAMNSB1Fye8NbYmX0/anzwj2O
j7LzRKo1vbf+FLp68NSf0lOpVMnMyCUqDaU1q9OlinZD+FM13/9h8ieo7bxKPFft
++GP5W9js0p8BsareNBFHCm1Y71nHWVjttYzUkG2Kw1EPFZ+I9yXDO7CsTkgEdYi
myExUeb6qOVTsUMhDvsumoHt59c6+jSxgkY6eeWk/R/pxYCfu5S1CG8rcNhqCdfJ
JHeOOFSiwfTGmWq2uGVIsGtSQjL8JZF3+gmMHV7UX8sTB0e7TlQksrigoD/rVTh7
iOPoKYPEkM4PRpmjQsyJTsk07Fp9mQ/xOPl/cZ74uSYZK01CfSiGh8TDXClL/mfz
J4o7ILHbLObtECW5JysBpDklHZzEhmP6qd7rlH/n07qQlP+30UsrU5OxU+b4HT1L
A/eivonacbdG4VFnKqyVc1Jq+zCzFAug5Qhy4LpeH3FrHfogWUlQ1l+l5n2f7NmS
PlREweq95HVgiEC0/KAda8SRtlZm5VX3qGFH38hyjBNJUsz9MJOwojsD80jRortE
8tw8+tFOv5lLdJJOxyKNeC2X0Cc/HrbCjo7ejaZaN+DrCByal9HuVzOGkI2yzdFB
eska+98598cW+RF3hik9m9t/9vaEGO69uP/ed4+T+9p9bh6hJbWXexSPqnOY1jTU
7gSnZ8UkzQ+2UhBd0/Sa
=V6XN
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 838-1] shadow security update
Next by Date: [SECURITY] [DLA 840-1] libplist security update
Previous by thread: [SECURITY] [DLA 838-1] shadow security update
Next by thread: [SECURITY] [DLA 840-1] libplist security update
Index(es):
- Date
- Thread