tnef: CVE-2017-6307 CVE-2017-6308 CVE-2017-6309 CVE-2017-6310

Debian Bug report logs - #856117
tnef: CVE-2017-6307 CVE-2017-6308 CVE-2017-6309 CVE-2017-6310

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: tnef: CVE-2017-6307 CVE-2017-6308 CVE-2017-6309 CVE-2017-6310

Date: Sat, 25 Feb 2017 11:42:33 +0100

Source: tnef
Version: 1.4.9-1
Severity: grave
Tags: security upstream fixed-upstream

Hi,

the following vulnerabilities were published for tnef.

CVE-2017-6307[0]:
| An issue was discovered in tnef before 1.4.13. Two OOB Writes have been
| identified in src/mapi_attr.c:mapi_attr_read(). These might lead to
| invalid read and write operations, controlled by an attacker.

CVE-2017-6308[1]:
| An issue was discovered in tnef before 1.4.13. Several Integer
| Overflows, which can lead to Heap Overflows, have been identified in
| the functions that wrap memory allocation.

CVE-2017-6309[2]:
| An issue was discovered in tnef before 1.4.13. Two type confusions have
| been identified in the parse_file() function. These might lead to
| invalid read and write operations, controlled by an attacker.

CVE-2017-6310[3]:
| An issue was discovered in tnef before 1.4.13. Four type confusions
| have been identified in the file_add_mapi_attrs() function. These might
| lead to invalid read and write operations, controlled by an attacker.

All of those fixed in 1.4.13.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-6307
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6307
[1] https://security-tracker.debian.org/tracker/CVE-2017-6308
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6308
[2] https://security-tracker.debian.org/tracker/CVE-2017-6309
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6309
[3] https://security-tracker.debian.org/tracker/CVE-2017-6310
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6310

Regards,
Salvatore


-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Message #10 received at 856117@bugs.debian.org (full text, mbox, reply):

From: Sébastien Delafond <seb@debian.org>

To: 856117@bugs.debian.org

Subject: tnef update in unstable

Date: Wed, 1 Mar 2017 08:51:19 +0100

Hi Kevin,

those 4 security issues were fixed via DSA-3798-1 in jessie-security, by
backporting the appropriate upstream changes (thanks to Thorsten for
doing that).

I've verified 1.4.13 only contains those security fixes, and no new
major evolution or feature, so could you please prepare and upload it to
unstable ? The Security Team would then be able to ask for an unblock so
those problems also end up fixed in stretch.

Cheers,

--Seb

Message #15 received at 856117-close@bugs.debian.org (full text, mbox, reply):

From: Thorsten Alteholz <debian@alteholz.de>

To: 856117-close@bugs.debian.org

Subject: Bug#856117: fixed in tnef 1.4.9-1+deb8u1

Date: Thu, 09 Mar 2017 23:20:53 +0000

Source: tnef
Source-Version: 1.4.9-1+deb8u1

We believe that the bug you reported is fixed in the latest version of
tnef, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 856117@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thorsten Alteholz <debian@alteholz.de> (supplier of updated tnef package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 27 Feb 2017 19:03:02 +0100
Source: tnef
Binary: tnef
Architecture: source amd64
Version: 1.4.9-1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Kevin Coyner <kcoyner@debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 tnef       - Tool to unpack MIME application/ms-tnef attachments
Closes: 856117
Changes:
 tnef (1.4.9-1+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Wheezy LTS Team. (Closes: #856117)
   * CVE-2017-6307
     An issue was discovered in tnef before 1.4.13. Two OOB Writes have
     been identified in src/mapi_attr.c:mapi_attr_read(). These might
     lead to invalid read and write operations, controlled by an attacker.
   * CVE-2017-6308
     An issue was discovered in tnef before 1.4.13. Several Integer
     Overflows, which can lead to Heap Overflows, have been identified
     in the functions that wrap memory allocation.
   * CVE-2017-6309
     An issue was discovered in tnef before 1.4.13. Two type confusions
     have been identified in the parse_file() function. These might lead
     to invalid read and write operations, controlled by an attacker.
   * CVE-2017-6310
     An issue was discovered in tnef before 1.4.13. Four type confusions
     have been identified in the file_add_mapi_attrs() function.
     These might lead to invalid read and write operations, controlled
     by an attacker.
Checksums-Sha1:
 44b841c8da86aaf5e553783540ffb282034152ab 1884 tnef_1.4.9-1+deb8u1.dsc
 d42ccbe3d41e797fb4133f2e01120680101e8782 3952575 tnef_1.4.9.orig.tar.gz
 dbc8d2eb01661692bc9044503c3e924385e88f45 6408 tnef_1.4.9-1+deb8u1.debian.tar.xz
 5ba7da83e81d419dad2350c19f00c697a275e11a 47936 tnef_1.4.9-1+deb8u1_amd64.deb
Checksums-Sha256:
 f4905763d514273b427d99a89a709a18d8370ca81e1900bbd6de7f448bfa940b 1884 tnef_1.4.9-1+deb8u1.dsc
 c4d64ec48f79681a11ee45b38c6b2177ce2d0a8c8f99733e90d462bd27eee6af 3952575 tnef_1.4.9.orig.tar.gz
 dcdd1e8a372c4f03077c85ea65500a13eff0177c3c917214e81d05f657f95eae 6408 tnef_1.4.9-1+deb8u1.debian.tar.xz
 685bcef186164383d5282c40d876a0d3c9f3bf46bc77490852a896e1dc370ab4 47936 tnef_1.4.9-1+deb8u1_amd64.deb
Files:
 60ba775438595956e21553054d065543 1884 text optional tnef_1.4.9-1+deb8u1.dsc
 83a3a8fe0c15c9bbe2a8dae74c46b761 3952575 text optional tnef_1.4.9.orig.tar.gz
 bf18cb1ff6f0aa65434e11e9aa5edc84 6408 text optional tnef_1.4.9-1+deb8u1.debian.tar.xz
 33d69db92a61080d2169ad02e0d8476c 47936 text optional tnef_1.4.9-1+deb8u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAli1wDRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYR7IsD/98157RWPyIUPLMRSHgwYRGWsr2N8FC
7Myn0LDVsNQ1CavWY44CriXSPTaOy2ECC8595fAHlbaPlBDj8a2XmJBfMoyr8XXu
XacBoRmlu73ghGzSOkhtgnL0UrcYYsUbw108CA5mmoSeGfBoi/oZsj37Y/FxM6MR
uj9FoiTu8QZ+2xTGc5CBjmRqLWesUJvd4DWny9xiTZy+SRKsgmcpHphkcgBtpN7i
WUCEF/7s+6/h/CRg1R9wOxrz4MH7SkFFNuGlzxwq4o+s2nOFgOnlKJYfP5DT6toT
Sjfk1/r7w1tELy89RknXHqKVWK61id2covBhmvOkRGHvvLcnCN6Nj/CoZ7DbtO0E
2hnTHszD+8oLMC1VzLWlFwggUiDlxkS24B5xQ9RAfYOB8y1JU2HTs00AZgJXSmIA
Vu2X6TGdzow14y83ANZL6Xj8fXyeWEE+gxIhiKEyFVvMjyS9lv3jHXyh/SMXZyjs
AnJQZFlQQ17Ln0WY95MogxPYFR2kZA6XOnxXev4Adz+Tj5uYC+aDrMgsYWhOob4I
r7XFzUD3Rt+2MDZH1frZmPMfOs+SZ8Pjlntb5kKvRbgjzhjpHLWiM2AFik0+IiUu
Tl3drK3chkiQhGa5NNbP8qPTDYeRJ5isRjoTTme+B7td/HJ7vwDuLVn5YXYcMopz
PyRCxqq6zwPQSg==
=i+d+
-----END PGP SIGNATURE-----

Message #20 received at 856117@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: S??bastien Delafond <seb@debian.org>, 856117@bugs.debian.org

Subject: Re: Bug#856117: tnef update in unstable

Date: Mon, 13 Mar 2017 06:41:42 +0100

Hi,

On Wed, Mar 01, 2017 at 08:51:19AM +0100, S??bastien Delafond wrote:
> Hi Kevin,
> 
> those 4 security issues were fixed via DSA-3798-1 in jessie-security, by
> backporting the appropriate upstream changes (thanks to Thorsten for
> doing that).
> 
> I've verified 1.4.13 only contains those security fixes, and no new
> major evolution or feature, so could you please prepare and upload it to
> unstable ? The Security Team would then be able to ask for an unblock so
> those problems also end up fixed in stretch.

FTR, the fixes might contain a regression, cf. #857342. But this
should be clarified with upstream if the assert is too overly-scrict.

(It is another aspect, if it is right to use asserts to catch the
issues) or if that should be handled more gracefully.

Regards,
Salvatore

Message #25 received at 856117-quiet@bugs.debian.org (full text, mbox, reply):

From: Adrian Bunk <bunk@debian.org>

To: Kevin Coyner <kcoyner@debian.org>

Cc: Thorsten Alteholz <debian@alteholz.de>, 856117-quiet@bugs.debian.org

Subject: Stretch update for tnef

Date: Tue, 28 Mar 2017 00:21:12 +0300

On Sat, Feb 25, 2017 at 05:34:27PM +0000, Kevin Coyner wrote:
> Hi Thorsten

Hi Kevin,

> I would like to fix this and the work is not a burden to me whatsoever.
> However, at the moment I am unable to give this security issue the
> attention I know it deserves. So that all said, I would like to ask the LTS
> Team to take care of the matter.  No review of their work is needed by me.
> I'll catch up to it after the fact.

could you (or Thorsten) also fix it in stretch by adding the CVE and 
regression fixes to the version in stretch?

> Thank you.
> 
> Kevin Coyner

Thanks
Adrian

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed

Message #30 received at 856117-quiet@bugs.debian.org (full text, mbox, reply):

From: Thorsten Alteholz <debian@alteholz.de>

To: Adrian Bunk <bunk@debian.org>

Cc: Kevin Coyner <kcoyner@debian.org>, 856117-quiet@bugs.debian.org

Subject: Re: Stretch update for tnef

Date: Tue, 28 Mar 2017 22:29:06 +0200 (CEST)

Hi everybody,

On Tue, 28 Mar 2017, Adrian Bunk wrote:
> could you (or Thorsten) also fix it in stretch by adding the CVE and
> regression fixes to the version in stretch?

I could do the upload, but isn't it too late now, as the AUTORM will 
remove the package?

  Thorsten

Message #35 received at 856117-close@bugs.debian.org (full text, mbox, reply):

From: Thorsten Alteholz <debian@alteholz.de>

To: 856117-close@bugs.debian.org

Subject: Bug#856117: fixed in tnef 1.4.12-1.1

Date: Thu, 30 Mar 2017 18:23:42 +0000

Source: tnef
Source-Version: 1.4.12-1.1

We believe that the bug you reported is fixed in the latest version of
tnef, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 856117@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thorsten Alteholz <debian@alteholz.de> (supplier of updated tnef package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 29 Mar 2017 19:03:02 +0200
Source: tnef
Binary: tnef
Architecture: source amd64
Version: 1.4.12-1.1
Distribution: sid
Urgency: medium
Maintainer: Kevin Coyner <kcoyner@debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 tnef       - Tool to unpack MIME application/ms-tnef attachments
Closes: 856117 857342
Changes:
 tnef (1.4.12-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload by the Wheezy LTS Team. (Closes: #856117)
   * while fixing the CVEs, upstream introduced a regression
     fix-regression-1.patch and fix-regression-2.patch take care of
     that (Closes: #857342)
   * CVE-2017-6307
     An issue was discovered in tnef before 1.4.13. Two OOB Writes have
     been identified in src/mapi_attr.c:mapi_attr_read(). These might
     lead to invalid read and write operations, controlled by an attacker.
   * CVE-2017-6308
     An issue was discovered in tnef before 1.4.13. Several Integer
     Overflows, which can lead to Heap Overflows, have been identified
     in the functions that wrap memory allocation.
   * CVE-2017-6309
     An issue was discovered in tnef before 1.4.13. Two type confusions
     have been identified in the parse_file() function. These might lead
     to invalid read and write operations, controlled by an attacker.
   * CVE-2017-6310
     An issue was discovered in tnef before 1.4.13. Four type confusions
     have been identified in the file_add_mapi_attrs() function.
     These might lead to invalid read and write operations, controlled
     by an attacker.
Checksums-Sha1:
 f0e29a533743811dc2e1f9af8d38f44c8351080a 1884 tnef_1.4.12-1.1.dsc
 1e6cb8a267157f9ee7696ef8fc4c602e40cb2902 8463407 tnef_1.4.12.orig.tar.gz
 8ab3d4bdaf61438ee14aabea9f80f8f4f12abff8 6960 tnef_1.4.12-1.1.debian.tar.xz
 e6b0d09e2e4d52e9e5803ba2adf672c5f9492b09 53408 tnef-dbgsym_1.4.12-1.1_amd64.deb
 fc0af99702d28da5969bb336530f4165908fdd84 5779 tnef_1.4.12-1.1_amd64.buildinfo
 6c08d63b0cebc06107c2a02cd198f7d31ffd2cfa 42388 tnef_1.4.12-1.1_amd64.deb
Checksums-Sha256:
 8492ee46872f307250d41c252e584eaf3d32f510ec38441569dc8ec8608b6db8 1884 tnef_1.4.12-1.1.dsc
 f7dea4c806d2263948ed027dbb8c593191f321b79c73816bb5608c957bc70254 8463407 tnef_1.4.12.orig.tar.gz
 771b4306cdfc3237fda90455b1c435c1f005bc021f5d180873baa5cd17310faa 6960 tnef_1.4.12-1.1.debian.tar.xz
 35262cd7604f838d53bd3f10833a809869f37e7f3e585517ff573f51d529e9ac 53408 tnef-dbgsym_1.4.12-1.1_amd64.deb
 74b6c567571f22eaaf32642f3d468de2e4090b9144648edb7d82c9861305a8f2 5779 tnef_1.4.12-1.1_amd64.buildinfo
 e5d45325db23d10a5974d9c47a5c7e19979a01a0601c049889b7fd4e332c4acf 42388 tnef_1.4.12-1.1_amd64.deb
Files:
 b80511f2c5b9189f47b7193b34cbeee3 1884 text optional tnef_1.4.12-1.1.dsc
 59d96464d8aa10349c02ca1edd47f0ac 8463407 text optional tnef_1.4.12.orig.tar.gz
 4c50a29e6cd252ce2f2e3067ab4133be 6960 text optional tnef_1.4.12-1.1.debian.tar.xz
 e819556f30e499eaf7b8f6fd412a5623 53408 debug extra tnef-dbgsym_1.4.12-1.1_amd64.deb
 c1fe21c7b86e266b2bbf73467e77df9a 5779 text optional tnef_1.4.12-1.1_amd64.buildinfo
 05867ee7a6b60fd2f9255f3e372592b4 42388 text optional tnef_1.4.12-1.1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAljdSMZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYR3/fD/4rEtNNMSo8KOZ66r3m3rhMZkk5U4cd
ddc+4HuLUUTmKjKVQsAQ3a3eGWsXOJqna9BwPgkmnlw9/9mFFzyK+7pXmZWNOulu
vd4OwvQscmeVClvZHsuziUdSwe0VDTx2HJaSXaUSYy2+Ahp7Mf9Mmfh4hyuwN23e
TQpjaIMtCp1pyyE5qbbsTOqYTMphIqzz9FKvOeQHNOQqfSpNF8MUoHxcrqqJl9tE
obLSccXXe1ItUovIwJYVNx2+NSuK8Wt5QrqnnSSLLNa/eonOetqiZi3iH8KGF1GD
KWxHaXG/vID/UKvjFAo0TK6Tkw/9VR8Xb+3QztH2Wd0ZsYVSrG0ZxKbGFIoWfObU
QdQMU/st0uWex7XngDeNgzAusSFNhf5YYo6FNT+Ioq99BnzgjMriYm5XxZPpmPjr
feQVGlfXzj+EUjSXEL16njRsiJgoaNy2JxEzFRDLOrbZksFt9skW94udi9HFuzXC
PQ9crifi4Zo7BYe/lEPamqHbiRiEyIa5FzjFePUsjBi2FcYi98ZMbe82Is3Lz8DJ
3rDHmXc8TaNtMnmU228TH81YlhTyo8a9+0FTibGZ6SyUp4Tppp2XiUX5/Jsz49D2
w3JQZfbKA0aMCFNNe/GJYTeVUt97lgibXbvZVQr9eMUg9tBDo0tVqqBQYmgcivlT
Kvmyy58Z5NhknQ==
=V7lV
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.