Summary: | <net-mail/tnef-1.4.14: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thomas Deutschmann (RETIRED) <whissi> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | net-mail+disabled |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/ | ||
Whiteboard: | B2 [glsa cve] | ||
Package list: |
=net-mail/tnef-1.4.14
|
Runtime testing required: | --- |
Description
Thomas Deutschmann (RETIRED)
2017-03-02 18:19:14 UTC
CVE-2017-6309 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6309): An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parse_file() function. These might lead to invalid read and write operations, controlled by an attacker. CVE-2017-6308 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6308): An issue was discovered in tnef before 1.4.13. Several Integer Overflows, which can lead to Heap Overflows, have been identified in the functions that wrap memory allocation. CVE-2017-6307 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6307): An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapi_attr.c:mapi_attr_read(). These might lead to invalid read and write operations, controlled by an attacker. CVE-2017-6310 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6310): An issue was discovered in tnef before 1.4.13. Four type confusions have been identified in the file_add_mapi_attrs() function. These might lead to invalid read and write operations, controlled by an attacker. CVE-2017-6310 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6310): An issue was discovered in tnef before 1.4.13. Four type confusions have been identified in the file_add_mapi_attrs() function. These might lead to invalid read and write operations, controlled by an attacker. CVE-2017-6310 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6310): An issue was discovered in tnef before 1.4.13. Four type confusions have been identified in the file_add_mapi_attrs() function. These might lead to invalid read and write operations, controlled by an attacker. @ Maintainer(s): Please bump to >=net-mail/tnef-1.4.13 and tell us if the new ebuild is already ready for stabilization. Arches, please test and mark stable =net-mail/tnef-1.4.14 Target Keywords = amd64 hppa ppc ppc64 ~sparc x86 amd64 stable Stable for HPPA. x86 stable ppc ppc64 stable, all arches done. Arches, Thank you for your work. New GLSA Request filed. Maintainer(s), please drop the vulnerable version(s). Maintainer(s), please drop the vulnerable version(s). net-mail/tnef/tnef-1.4.12 punted from the tree. FYI: net-mail/tnef/tnef-1.4.14 is itself vulnerable. See #618658 (In reply to Eray Aslan from comment #13) > net-mail/tnef/tnef-1.4.12 punted from the tree. FYI: > net-mail/tnef/tnef-1.4.14 is itself vulnerable. See #618658 Thanks for cleanup and letting us know. We are already tracking this in the GLSA. This issue was resolved and addressed in GLSA 201708-02 at https://security.gentoo.org/glsa/201708-02 by GLSA coordinator Yury German (BlueKnight). |