Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 701816 (CVE-2019-18849) - <net-mail/tnef-1.4.18: security bypass in .ssh/authorized_keys file via an e-mail message (CVE-2019-18849)
Summary: <net-mail/tnef-1.4.18: security bypass in .ssh/authorized_keys file via an e-...
Status: RESOLVED FIXED
Alias: CVE-2019-18849
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://github.com/verdammelt/tnef/pu...
Whiteboard: B4 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2019-12-02 22:26 UTC by GLSAMaker/CVETool Bot
Modified: 2020-03-26 19:08 UTC (History)
0 users

See Also:
Package list:
net-mail/tnef-1.4.18
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2019-12-02 22:26:43 UTC
CVE-2019-18849 (https://nvd.nist.gov/vuln/detail/CVE-2019-18849):
  In tnef before 1.4.18, an attacker may be able to write to the victim's
  .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat
  application/ms-tnef attachment, because of a heap-based buffer over-read
  involving strdup.
Comment 2 Larry the Git Cow gentoo-dev 2020-03-25 22:49:08 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aa778e19a5cb0e9158365fbfdc38b6bb3fe9c3b6

commit aa778e19a5cb0e9158365fbfdc38b6bb3fe9c3b6
Author:     Sam James (sam_c) <sam@cmpct.info>
AuthorDate: 2020-03-25 02:04:26 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-03-25 22:49:00 +0000

    net-mail/tnef: Security bump to 1.4.18
    
    Bug: https://bugs.gentoo.org/701816
    Signed-off-by: Sam James (sam_c) <sam@cmpct.info>
    Closes: https://github.com/gentoo/gentoo/pull/15099
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 net-mail/tnef/Manifest           |  1 +
 net-mail/tnef/tnef-1.4.18.ebuild | 23 +++++++++++++++++++++++
 2 files changed, 24 insertions(+)
Comment 3 Agostino Sarubbo gentoo-dev 2020-03-26 10:18:20 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2020-03-26 10:21:08 UTC
ppc stable
Comment 5 Agostino Sarubbo gentoo-dev 2020-03-26 10:23:05 UTC
sparc stable
Comment 6 Agostino Sarubbo gentoo-dev 2020-03-26 10:24:58 UTC
x86 stable
Comment 7 Agostino Sarubbo gentoo-dev 2020-03-26 12:04:02 UTC
ppc64 stable
Comment 8 Rolf Eike Beer archtester 2020-03-26 19:03:12 UTC
Dropped to ~hppa as there are no stable revdeps.
Comment 9 Sam James archtester gentoo-dev Security 2020-03-26 19:04:48 UTC
@maintainer(s), please cleanup by dropping =net-mail/tnef-1.4.15.
Comment 10 Larry the Git Cow gentoo-dev 2020-03-26 19:07:57 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a8a92e36c939319b84743e4ea814547ba9fae090

commit a8a92e36c939319b84743e4ea814547ba9fae090
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-03-26 19:07:17 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-03-26 19:07:43 +0000

    net-mail/tnef: security cleanup (bug #701816)
    
    Bug: https://bugs.gentoo.org/701816
    Package-Manager: Portage-2.3.96, Repoman-2.3.22
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 net-mail/tnef/Manifest           |  2 --
 net-mail/tnef/tnef-1.4.15.ebuild | 23 -----------------------
 net-mail/tnef/tnef-1.4.17.ebuild | 23 -----------------------
 3 files changed, 48 deletions(-)
Comment 11 Thomas Deutschmann gentoo-dev Security 2020-03-26 19:08:30 UTC
GLSA Vote: No

Repository is clean, all done!