[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 878-1] libytnef security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libytnef
Version        : 1.5-4+deb7u1
CVE ID         : CVE-2017-6298 CVE-2017-6299 CVE-2017-6300 CVE-2017-6301
                 CVE-2017-6302 CVE-2017-6303 CVE-2017-6304 CVE-2017-6305
                 CVE-2017-6801 CVE-2017-6802


CVE-2017-6298
     Null Pointer Deref / calloc return value not checked

CVE-2017-6299
     Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c

CVE-2017-6300
     Buffer Overflow in version field in lib/tnef-types.h

CVE-2017-6301
     Out of Bounds Reads

CVE-2017-6302
     Integer Overflow

CVE-2017-6303
     Invalid Write and Integer Overflow

CVE-2017-6304
     Out of Bounds read

CVE-2017-6305
     Out of Bounds read and write

CVE-2017-6801
     Out-of-bounds access with fields of Size 0 in TNEFParse() in libytnef

CVE-2017-6802
     Heap-based buffer over-read on incoming Compressed RTF Streams,
     related to DecompressRTF() in libytnef


For Debian 7 "Wheezy", these problems have been fixed in version
1.5-4+deb7u1.

We recommend that you upgrade your libytnef packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJY2sXHXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hH8IUP/2pVFEQJ0Iq2z6d2xUDzYQ+c
Dodop8LPsrZRczC0b62Vd5HfKlpphJ+mHGQlDQhOC7mo3TVdPMCemWV4MK8Rk2tU
tdsy4FkUyXYpXgxXz1X4vSqzncUNWuFt0T+P5Xh/g3hVAO3LdN5eY6beR5Wx2YBm
em9Qa6B2HHqPvOeyLFOS6B1SYMEf7ewp8rxmrysenCAbZlmB5CqzcZ7kQ8FR/xc3
s9uqT8fvPcA9PjuHcW5K1y6OjXtYt277ImMAxKBHXQEwDdw8hndMGkz5jyuIbbjc
gvwKH9QHFBCssPf0qI+6kCvEtA0/pmkdCgLShTPB8eswcbQ03SxhA9ZRguvuvRQ+
UF/EO/7W7lX9kz+m/Atp+5uV8TzMWfD98tf7LIV9/FldQYGt4fzkdTAea6yKJiMD
R9ax4E5nKW/NIe32wwVOIxrYN/CnVM8vgbu9ggUR5CAgtu3ajD/6on5QhsVsQXEO
lpsTAAZpJkmnnU4LRke9MNwDbytYz9/uMa0kFkpDyV9v7GTYZxgkDCPR8FQQgHlw
tRC6/NiecguFCPKKSQ5wDmorgAGJAt29sfZCTAVZEIfjl8wCa050djtwfQNhKfny
m5CeIpTOREZw8Gh4Jge1obrrry0zzHOQi8LTnCvsPofvH9Aj6r/z+rv8/twnVZQN
dQUL5R62rxE98TdBsVKt
=RLFU
-----END PGP SIGNATURE-----
Reply to: