UbuntuUpdates.org

Package "libytnef"

Name: libytnef

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • improved decoder for application/ms-tnef attachments

Latest version: 1.5-6ubuntu0.2
Release: trusty (14.04)
Level: updates
Repository: main

Other versions of "libytnef" in Trusty

Repository Area Version
security main 1.5-6ubuntu0.2

Changelog

Version: 1.5-6ubuntu0.2 2018-05-31 21:06:28 UTC

  libytnef (1.5-6ubuntu0.2) trusty-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2017-12141-and-9146.patch: fix in ytnef.c.
    - CVE-2017-12141
    - CVE-2017-9146
  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches/CVE-2017-9058.patch: fix in ytnef.c
    - CVE-2017-9058
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2017-9471.patch: fix in ytnef.c
    - CVE-2017-9471
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2017-9473.patch: fix in ytnef.c
    - CVE-2017-9473

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 31 May 2018 11:01:18 -0300

CVE-2017-12141 In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denia
CVE-2017-9146 The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation,
CVE-2017-9058 In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c.
CVE-2017-9471 In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and applicatio
CVE-2017-9473 In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file

Version: 1.5-6ubuntu0.1 2017-05-15 19:06:46 UTC

  libytnef (1.5-6ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: multiple security issues
    - debian/patches/*: synchronize security fixes with Debian's
      1.5-6+deb8u1 release. Thanks to Jordi Mallach.
    - CVE-2017-6298, CVE-2017-6299, CVE-2017-6300, CVE-2017-6301,
      CVE-2017-6302, CVE-2017-6303, CVE-2017-6304, CVE-2017-6305,
      CVE-2017-6306, CVE-2017-6800, CVE-2017-6801, CVE-2017-6802

 -- Marc Deslauriers <email address hidden> Fri, 12 May 2017 08:05:19 -0400

CVE-2017-6298 An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "1 of 9. Null Pointer Deref / calloc return value not checked.
CVE-2017-6299 An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in l
CVE-2017-6300 An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "3 of 9. Buffer Overflow in version field in lib/tnef-types.h.
CVE-2017-6301 An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "4 of 9. Out of Bounds Reads."
CVE-2017-6302 An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "5 of 9. Integer Overflow."
CVE-2017-6303 An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "6 of 9. Invalid Write and Integer Overflow."
CVE-2017-6304 An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "7 of 9. Out of Bounds read."
CVE-2017-6305 An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "8 of 9. Out of Bounds read and write."
CVE-2017-6306 An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename; SanitizeFilen
CVE-2017-6800 An issue was discovered in ytnef before 1.9.2. An invalid memory access (heap-based buffer over-read) can occur during handling of LONG data types, r
CVE-2017-6801 An issue was discovered in ytnef before 1.9.2. There is a potential out-of-bounds access with fields of Size 0 in TNEFParse() in libytnef.
CVE-2017-6802 An issue was discovered in ytnef before 1.9.2. There is a potential heap-based buffer over-read on incoming Compressed RTF Streams, related to Decomp


