Source: tnef
Version: 1.4.9-1
Severity: grave
Tags: security upstream fixed-upstream

Hi,

the following vulnerabilities were published for tnef.

CVE-2017-6307[0]:
| An issue was discovered in tnef before 1.4.13. Two OOB Writes have been
| identified in src/mapi_attr.c:mapi_attr_read(). These might lead to
| invalid read and write operations, controlled by an attacker.

CVE-2017-6308[1]:
| An issue was discovered in tnef before 1.4.13. Several Integer
| Overflows, which can lead to Heap Overflows, have been identified in
| the functions that wrap memory allocation.

CVE-2017-6309[2]:
| An issue was discovered in tnef before 1.4.13. Two type confusions have
| been identified in the parse_file() function. These might lead to
| invalid read and write operations, controlled by an attacker.

CVE-2017-6310[3]:
| An issue was discovered in tnef before 1.4.13. Four type confusions
| have been identified in the file_add_mapi_attrs() function. These might
| lead to invalid read and write operations, controlled by an attacker.

All of those are fixed in 1.4.13.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-6307
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6307
[1] https://security-tracker.debian.org/tracker/CVE-2017-6308
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6308
[2] https://security-tracker.debian.org/tracker/CVE-2017-6309
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6309
[3] https://security-tracker.debian.org/tracker/CVE-2017-6310
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6310

Regards,
Salvatore

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
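
Added example, not part of the original report and not tnef's code: the bug class named in CVE-2017-6308 (an integer overflow in an allocation wrapper that turns into an undersized heap buffer), shown as the unchecked size computation beside an overflow-checked wrapper. All function names and the sample count are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked size computation, as an allocation wrapper might do it:
 * the product wraps modulo SIZE_MAX + 1, so a huge element count can
 * yield a tiny byte count and an undersized heap buffer. */
static size_t unchecked_bytes(size_t count, size_t size)
{
    return count * size;
}

/* Checked multiply: returns 0 and stores the product in *out,
 * or returns -1 when count * size does not fit in size_t. */
static int checked_mul(size_t count, size_t size, size_t *out)
{
    if (size != 0 && count > SIZE_MAX / size)
        return -1;
    *out = count * size;
    return 0;
}

/* Hypothetical hardened wrapper: refuses the request instead of
 * allocating a wrapped (too small) size. Caller must handle NULL. */
static void *alloc_array_checked(size_t count, size_t size)
{
    size_t bytes;

    if (checked_mul(count, size, &bytes) != 0)
        return NULL;
    return calloc(1, bytes ? bytes : 1);
}

int main(void)
{
    /* Constructed input: a count as it could arrive from a file header. */
    size_t count = SIZE_MAX / 16 + 2, size = 16;
    void *p = alloc_array_checked(count, size);

    printf("unchecked request: %zu bytes for %zu elements\n",
           unchecked_bytes(count, size), count);
    printf("checked wrapper:   %s\n", p ? "allocated" : "rejected");
    free(p);
    return p ? 1 : 0;
}
```

The unchecked path asks for 16 bytes while the caller believes it holds room for the full element count; the checked wrapper rejects the same request.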