Updated tnef packages fix security vulnerability
Publication date: 25 Mar 2017Modification date: 25 Mar 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-6307 , CVE-2017-6308 , CVE-2017-6309 , CVE-2017-6310
Description
An issue was discovered in tnef before 1.4.13. Two OOB Writes have been
identified in src/mapi_attr.c:mapi_attr_read(). These might lead to
invalid read and write operations, controlled by an attacker.
(CVE-2017-6307)
An issue was discovered in tnef before 1.4.13. Several Integer Overflows,
which can lead to Heap Overflows, have been identified in the functions
that wrap memory allocation. (CVE-2017-6308)
An issue was discovered in tnef before 1.4.13. Two type confusions have
been identified in the parse_file() function. These might lead to invalid
read and write operations, controlled by an attacker. (CVE-2017-6309)
An issue was discovered in tnef before 1.4.13. Four type confusions have
been identified in the file_add_mapi_attrs() function. These might lead to
invalid read and write operations, controlled by an attacker.
(CVE-2017-6310)
References
- https://bugs.mageia.org/show_bug.cgi?id=20343
- http://openwall.com/lists/oss-security/2017/02/23/17
- https://www.debian.org/security/2017/dsa-3798
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6307
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6308
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6309
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6310
SRPMS
5/core
- tnef-1.4.9-4.1.mga5