Advisories » MGASA-2017-0174

Updated libytnef packages fix security vulnerabilities

Publication date: 14 Jun 2017
Modification date: 14 Jun 2017
Type: security
Affected Mageia releases: 5
CVE: CVE-2017-6298, CVE-2017-6299, CVE-2017-6300, CVE-2017-6301, CVE-2017-6302, CVE-2017-6303, CVE-2017-6304, CVE-2017-6305, CVE-2017-6306, CVE-2017-6800, CVE-2017-6801, CVE-2017-6802, CVE-2017-9058

Description

Several issues were discovered in libytnef, a library used to decode
application/ms-tnef e-mail attachments. Multiple heap overflows,
out-of-bounds writes and reads, NULL pointer dereferences and infinite
loops could be exploited by tricking a user into opening a maliciously
crafted winmail.dat file (CVE-2017-6298, CVE-2017-6299, CVE-2017-6300,
CVE-2017-6301, CVE-2017-6302, CVE-2017-6303, CVE-2017-6304,
CVE-2017-6305, CVE-2017-6306, CVE-2017-6800, CVE-2017-6801,
CVE-2017-6802).

A heap-buffer-overflow vulnerability exists in libytnef due to incorrect
boundary checking in the SIZECHCK macro in lib/ytnef.c (CVE-2017-9058).

References

SRPMS

5/core