*** This bug is a security vulnerability *** Public security bug reported:
http://www.openwall.com/lists/oss-security/2017/02/15/4 https://github.com/Yeraze/ytnef/pull/27/files Upstream calls this X41-2017-002 but there will probably be CVE numbers assigned too. https://security-tracker.debian.org/tracker/TEMP-0000000-8B3E01 Fixed in zesty. I'd like to copy the Debian stable security patches when it's released there. Quoting from the oss-security post… Summary and Impact ------------------ Multiple Heap Overflows, out of bound writes and reads, NULL pointer dereferences and infinite loops have been discovered in ytnef 1.9 an earlier. These could be exploited by tricking a user into opening a malicious winmail.dat file. Product Description ------------------- ytnef offers a library and utilities to extract the files from winmail.dat files. winmail.dat files are send by Microsoft Outlook when forwarding files via e-mail. The vendor was very responsive in providing a patched version. Analysis -------- Due to the big amount of issues found no detailed analysis is given here. Almost all allocations were unchecked and out of bounds checks rarely performed in the code. In total 9 patches were generated for the following issues: 1. Null Pointer Deref / calloc return value not checked 2. Infinite Loop / DoS 3. Buffer Overflow in version field 4. Out of Bound Reads 5. Integer Overflow 6. Invalid Write and Integer Overflow 7. Out of Bounds read 8. Out of Bounds read and write 9. Directory Traversal using the filename ** Affects: libytnef (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666884 Title: libytnef: February 2017 multiple vulnerabilities (X41-2017-002) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libytnef/+bug/1666884/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
