Advisories » MGASA-2019-0367

Updated tnef packages fix security vulnerability

Publication date: 06 Dec 2019
Modification date: 06 Dec 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-18849

Description

Updated tnef package fixes security vulnerability:

In tnef, an attacker may be able to write to the victim's 
.ssh/authorized_keys file via an e-mail message with a crafted
winmail.dat application/ms-tnef attachment, because of a heap-based
buffer over-read involving strdup (CVE-2019-18849).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=25785
• https://www.debian.org/lts/security/2019/dla-2005
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18849

SRPMS

7/core

• tnef-1.4.18-1.mga7