Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 626858 (CVE-2017-12141, CVE-2017-12142, CVE-2017-12144) - <net-mail/ytnef-1.9.3: Denial of Service (CVE-2017-{12144,12142,12141})
Summary: <net-mail/ytnef-1.9.3: Denial of Service (CVE-2017-{12144,12142,12141})
Status: RESOLVED FIXED
Alias: CVE-2017-12141, CVE-2017-12142, CVE-2017-12144
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: C3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-08-02 07:40 UTC by Aleksandr Wagner (Kivak)
Modified: 2018-11-25 00:10 UTC (History)
1 user (show)

See Also:
Package list:
net-mail/ytnef-1.9.3
Runtime testing required: ---
stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Aleksandr Wagner (Kivak) 2017-08-02 07:40:02 UTC 
CVE-2017-12144 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12144):

In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file. 

https://github.com/Yeraze/ytnef/issues/51
https://somevulnsofadlab.blogspot.ca/2017/07/ytnefallocation-failed-in-tneffillmapi.html

CVE-2017-12142 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12142):

In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file. 

https://github.com/Yeraze/ytnef/issues/49
https://somevulnsofadlab.blogspot.ca/2017/07/ytnefinvalid-memory-read-in-swapdword.html

CVE-2017-12141 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12141):

In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file. 

https://github.com/Yeraze/ytnef/issues/50
https://somevulnsofadlab.blogspot.ca/2017/07/ytnefheap-buffer-overflow-in.html
Comment 1 Larry the Git Cow gentoo-dev 2018-07-23 09:46:04 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bd0f6d34271b64a12b8be31378a2b58610e60a8f

commit bd0f6d34271b64a12b8be31378a2b58610e60a8f
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2018-07-23 09:45:43 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2018-07-23 09:45:43 +0000

    net-mail/ytnef: Security bump to version 1.9.3
    
    This fixes the following CVEs:
    
    CVE-2017-9470
    CVE-2017-9471
    CVE-2017-9474
    CVE-2017-9058
    CVE-2017-12142
    CVE-2017-12141
    CVE-2017-12144
    
    Bug: https://bugs.gentoo.org/626858
    Closes: https://bugs.gentoo.org/619156
    Package-Manager: Portage-2.3.43, Repoman-2.3.10

 net-mail/ytnef/Manifest           |  1 +
 net-mail/ytnef/ytnef-1.9.3.ebuild | 31 +++++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+)
Comment 2 Agostino Sarubbo gentoo-dev 2018-07-25 08:25:09 UTC 
amd64 stable
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2018-07-28 13:46:13 UTC 
x86 stable
Comment 4 Tobias Klausmann (RETIRED) gentoo-dev 2018-09-13 14:33:58 UTC 
Stable on alpha.
Comment 5 Larry the Git Cow gentoo-dev 2018-09-13 14:36:56 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=492d0d0db7b3f0ca9564d5be3042a781151152f8

commit 492d0d0db7b3f0ca9564d5be3042a781151152f8
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2018-09-13 14:36:46 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2018-09-13 14:36:46 +0000

    net-mail/ytnef: Security cleanup.
    
    Bug: https://bugs.gentoo.org/626858
    Package-Manager: Portage-2.3.49, Repoman-2.3.10

 net-mail/ytnef/Manifest           |  1 -
 net-mail/ytnef/ytnef-1.9.2.ebuild | 21 ---------------------
 2 files changed, 22 deletions(-)