Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 30: FEDORA-2019-7d7083b8be Critical: ytnef Buffer Overflow

fedora
Calendar Grey May 17, 2019
Dist Fedora Esm H88
The ytnef 1.9.3 update for Fedora 30 addresses several security vulnerabilities. It is essential to keep your system protected with this new patch.
ytnef 1.9.3 release, fixing a number of security issues: - CVE-2017-9470 - CVE-2017-9471 - CVE-2017-9474 - CVE-2017-9058 - CVE-2017-12142 - CVE-2017-12141 - CVE-2017-12144

Summary

Yerase's TNEF Stream Reader. Can take a TNEF Stream (winmail.dat) sent from

Microsoft Outlook (or similar products) and extract the attachments, including

construction of Contact Cards & Calendar entries.

ytnef 1.9.3 release, fixing a number of security issues: - CVE-2017-9470 -CVE-2017-9471 - CVE-2017-9474 - CVE-2017-9058 - CVE-2017-12142 -CVE-2017-12141 - CVE-2017-12144

* Thu May 9 2019 Kalev Lember - 1:1.9.3-1

- Update to 1.9.3 (#1683489)

[ 1 ] Bug #1431730 - CVE-2017-6800 CVE-2017-6801 CVE-2017-6802 CVE-2017-9058 CVE-2017-9146 ytnef: Multiple vulnerabilities fixed in 1.9.2 version

https://bugzilla.redhat.com/show_bug.cgi?id=1431730

[ 2 ] Bug #1422813 - CVE-2017-6298 CVE-2017-6299 CVE-2017-6300 CVE-2017-6301 CVE-2017-6302 CVE-2017-6303 CVE-2017-6304 CVE-2017-6305 CVE-2017-6306 ytnef: Multiple vulnerabilities fixed in 1.9.1 version

https://bugzilla.redhat.com/show_bug.cgi?id=1422813

[ 3 ] Bug #1459452 - CVE-2017-9470 CVE-2017-9471 CVE-2017-9472 CVE-2017-9473 CVE-2017-9474 ytnef: Multiple vulnerabilities in 1.9.2 version

https://bugzilla.redhat.com/show_bug.cgi?id=1459452

[ 4 ] Bug #1477558 - CVE-2017-12144 ytnef: allocation failure in TNEFFillMapi function

https://bugzilla.redhat.com/show_bug.cgi?id=1477558

[ 5 ] Bug #1477556 - CVE-2017-12142 ytnef: invalid memory read in SwapDWord function

https://bugzilla.redhat.com/show_bug.cgi?id=1477556

[ 6 ] Bug #1477549 - CVE-2017-12141 ytnef: heap-based buffer overflow in TNEFFillMapi function

https://bugzilla.redhat.com/show_bug.cgi?id=1477549

su -c 'dnf upgrade --advisory FEDORA-2019-7d7083b8be' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory buffer overflow critical Fedora stream reader

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 30
Version: 1.9.3
Release: 1.fc30
URL: https://github.com/Yeraze/ytnef
Summary: Yerase's TNEF Stream Reader

Topics%20covered

Topics Covered

security advisory buffer overflow critical Fedora stream reader

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here