UbuntuUpdates.org

Package "libytnef0"

Name: libytnef0

Description:

improved decoder for application/ms-tnef attachments
Latest version: 1.5-9ubuntu0.1
Release: xenial (16.04)
Level: security
Repository: universe
Head package: libytnef
Homepage: http://sourceforge.net/projects/ytnef/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libytnef0"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libytnef0" in Xenial

Repository Area Version
base universe 1.5-9
updates universe 1.5-9ubuntu0.1

Changelog

Version: 1.5-9ubuntu0.1 2020-11-03 15:07:11 UTC

  libytnef (1.5-9ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Invalid memory access vulnerabilities
    - debian/patches/0001-Fixes-for-CVE-2017-6298-to-6306.patch: Fixes for
      CVE-2017-6298 to 6306.
    - d/p/0002-Fixes-for-CVE-2017-6800-CVE-2017-6801-and-CVE-2017-6.patch: Fixes
      for CVE-2017-6800; CVE-2017-6801 and CVE-2017-6802.
    - CVE-2017-6298
    - CVE-2017-6299
    - CVE-2017-6300
    - CVE-2017-6301
    - CVE-2017-6302
    - CVE-2017-6303
    - CVE-2017-6304
    - CVE-2017-6305
    - CVE-2017-6306
    - CVE-2017-6800
    - CVE-2017-6801
    - CVE-2017-6802

 -- Paulo Flabiano Smorigo <email address hidden> Thu, 29 Oct 2020 13:26:07 +0000
CVE-2017-6298 An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "1 of 9. Null Pointer Deref / calloc return value not checked.
CVE-2017-6800 An issue was discovered in ytnef before 1.9.2. An invalid memory access (heap-based buffer over-read) can occur during handling of LONG data types, r
CVE-2017-6801 An issue was discovered in ytnef before 1.9.2. There is a potential out-of-bounds access with fields of Size 0 in TNEFParse() in libytnef.
CVE-2017-6802 An issue was discovered in ytnef before 1.9.2. There is a potential heap-based buffer over-read on incoming Compressed RTF Streams, related to Decomp
CVE-2017-6299 An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in l
CVE-2017-6300 An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "3 of 9. Buffer Overflow in version field in lib/tnef-types.h.
CVE-2017-6301 An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "4 of 9. Out of Bounds Reads."
CVE-2017-6302 An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "5 of 9. Integer Overflow."
CVE-2017-6303 An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "6 of 9. Invalid Write and Integer Overflow."
CVE-2017-6304 An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "7 of 9. Out of Bounds read."
CVE-2017-6305 An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "8 of 9. Out of Bounds read and write."
CVE-2017-6306 An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename; SanitizeFilen


About   -   Send Feedback to @ubuntu_updates