libytnef: CVE-2017-12141: heap-buffer-overflow

Debian Bug report logs - #870815
libytnef: CVE-2017-12141: heap-buffer-overflow

Reply or subscribe to this bug.

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: libytnef: CVE-2017-12141: heap-buffer-overflow

Date: Sat, 05 Aug 2017 15:31:31 +0200

Source: libytnef
Version: 1.9.2-2
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/Yeraze/ytnef/issues/50

Hi,

the following vulnerability was published for libytnef.

CVE-2017-12141[0]:
| In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in
| the function TNEFFillMapi in ytnef.c, which allows attackers to cause a
| denial of service via a crafted file.

Reproducible with an ASAN build and the given reproducer.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-12141
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12141
[1] https://github.com/Yeraze/ytnef/issues/50

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Message #12 received at 870815@bugs.debian.org (full text, mbox, reply):

From: Michael Gratton <mike@vee.net>

To: 870815@bugs.debian.org

Subject: Upstream 1.9.3 release

Date: Tue, 21 Aug 2018 23:54:58 +1000

Just FYI the new upstream 1.9.3 release fixes all known CVE in 
libytnef: https://github.com/Yeraze/ytnef/releases/tag/v1.9.3


-- 
⊨ Michael Gratton, Percept Wrangler.
⚙ <http://mjog.vee.net/>

Message #17 received at 870815-close@bugs.debian.org (full text, mbox, reply):

From: Ricardo Mones <mones@debian.org>

To: 870815-close@bugs.debian.org

Subject: Bug#870815: fixed in libytnef 1.9.3-1

Date: Sun, 21 Oct 2018 22:20:00 +0000

Source: libytnef
Source-Version: 1.9.3-1

We believe that the bug you reported is fixed in the latest version of
libytnef, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 870815@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ricardo Mones <mones@debian.org> (supplier of updated libytnef package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 21 Oct 2018 00:36:17 +0200
Source: libytnef
Binary: libytnef0 libytnef0-dev ytnef-tools
Architecture: source amd64
Version: 1.9.3-1
Distribution: unstable
Urgency: medium
Maintainer: Ricardo Mones <mones@debian.org>
Changed-By: Ricardo Mones <mones@debian.org>
Description:
 libytnef0  - improved decoder for application/ms-tnef attachments
 libytnef0-dev - headers for application/ms-tnef attachments decoder
 ytnef-tools - ytnef decoder commandline tools
Closes: 460390 870192 870194 870196 870815 870816 870817
Changes:
 libytnef (1.9.3-1) unstable; urgency=medium
 .
   * New upstream release fixing the following:
     • [CVE-2017-9470] NULL pointer dereference in MAPIPrint.
       Closes: #870196.
     • [CVE-2017-9471] heap-based-buffer overflow in SwapWord.
       Closes: #870194.
     • [CVE-2017-9474] heap-based buffer overflow in DecompressRTF.
       Closes: #870192.
     • [CVE-2017-12142] SEGV in ytnef.c in SwapDWord.
       Closes: #870816.
     • [CVE-2017-12141] heap-buffer-overflow in TNEFFillMapi.
       Closes: #870815.
     • [CVE-2017-12144] allocation failure  in TNEFFillMapi.
       Closes: #870817.
   * Remove patch for CVE-2017-9058 already in this release
   * New maintainers for package (Closes: #460390)
   * Priority extra has been replaced by optional
   * Update Vcs-* for current infrastructure
   * Standards-Version updated to latest
   * Set debhelper compat level to 11
Checksums-Sha1:
 968edfc9e0c29e54e5313fa9aa16761e53c22044 1966 libytnef_1.9.3-1.dsc
 83d320ef862b0e1d1a9c6d5e717594e9360cc67e 301338 libytnef_1.9.3.orig.tar.gz
 212ba8d953b37f7fe52d162cf2584dd7e829fa9d 4524 libytnef_1.9.3-1.debian.tar.xz
 dc2e7a57c819770aacc709e5ef1daadfcb5c7b30 38788 libytnef0-dbgsym_1.9.3-1_amd64.deb
 3b23f82fbd2d194ad53e918ecd9a23a85ca246c1 32388 libytnef0-dev_1.9.3-1_amd64.deb
 1059847295d9a501c2e546828e13348d54964334 26184 libytnef0_1.9.3-1_amd64.deb
 8ef39733da213bf66dc6f94b1f88903bf0edee9c 6554 libytnef_1.9.3-1_amd64.buildinfo
 63fbb4e9445a9219ae7d8ce0d64f7c0cdd987af2 38292 ytnef-tools-dbgsym_1.9.3-1_amd64.deb
 4732a11faf7f1ac5ce5532b7f91da0c8274e7562 21404 ytnef-tools_1.9.3-1_amd64.deb
Checksums-Sha256:
 7e3da3f548a4ace8603d11dacb4992a39dee0ffeb15e87a8bbc3c72ddeb62f66 1966 libytnef_1.9.3-1.dsc
 41a0033bde33c86a7e4aa4e14bb822dd03084098638e7d6557263e47e80b4f4f 301338 libytnef_1.9.3.orig.tar.gz
 e27c66f7fbf1c417304f5ff969104e4aecad756af1b94594300f1cf77683a699 4524 libytnef_1.9.3-1.debian.tar.xz
 84828250bced2d250ab81149ef8c131253af59ed43770fb7797e35200ace1652 38788 libytnef0-dbgsym_1.9.3-1_amd64.deb
 1d1ff166f552a08b8800d8e8c19b8242fd032dad1dd89996ba536e444be8b6f7 32388 libytnef0-dev_1.9.3-1_amd64.deb
 e86356207496140265bd9ff86b5da00b4cd91945e35393a52f40dd6b85658603 26184 libytnef0_1.9.3-1_amd64.deb
 ca57fedd4b0e2b550cf2567b52e520f0bc2aa4c630618d3ac7b23cc5fc29cb6e 6554 libytnef_1.9.3-1_amd64.buildinfo
 bfe0d930b41e742b3d4ccd28084c2dfc6d6902891e805c67b97c1aa43a190c29 38292 ytnef-tools-dbgsym_1.9.3-1_amd64.deb
 13aaaa05c3fc99b5478d8d80b4ec29f3661465f49c4b424a3b2ab513167d1f23 21404 ytnef-tools_1.9.3-1_amd64.deb
Files:
 44dbfa5e71f87a2ab877c4d31d2923c7 1966 utils optional libytnef_1.9.3-1.dsc
 60b7c26daa19a1246d077560b6862150 301338 utils optional libytnef_1.9.3.orig.tar.gz
 8ed0a62bc201deb14f60fce3a06cd7cd 4524 utils optional libytnef_1.9.3-1.debian.tar.xz
 1888b5f3286717fe4e0a5dbb05c80e65 38788 debug optional libytnef0-dbgsym_1.9.3-1_amd64.deb
 2240d13aa4e7cfe71b746672bf6a7245 32388 libdevel optional libytnef0-dev_1.9.3-1_amd64.deb
 2cce0e9fbb21f0fc02a5319b66ffe61c 26184 libs optional libytnef0_1.9.3-1_amd64.deb
 3f500a3cfed80074cdc5885dca6d1d2f 6554 utils optional libytnef_1.9.3-1_amd64.buildinfo
 253b4d766c68a9c0e8c619ef7c193a69 38292 debug optional ytnef-tools-dbgsym_1.9.3-1_amd64.deb
 c6bfa89b4993c4d5a19fd6c75cd8b8c5 21404 utils optional ytnef-tools_1.9.3-1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEQ7w2SxbfDCBevXWSHw8KiN5bzKYFAlvM9eoACgkQHw8KiN5b
zKZ4gBAAr6+F2Y66lMF2f5FhXsGIqDydPzHAtL7vN/QCy2WBi1WWRfk4WsEfZ5AX
imcJDhOLR8TrRs5kigVI/pJwWgmNyJLWsYWPl4YYwkqDMM7zJ79qy7yiCpiOx1cS
jWBGnvrUFSUFqAYM+TqIvqMAUl80VyvdalISQN09TQemUSDb+pEGfqRX6TfqxL+t
AFxHI1X00+soZi+larqfp9IXQMzMLG+u/eK+fYYT4NAYqTpzNO6WF1rkFN0AgRgX
7vH0yjkGKOaivxzKy88QDgr+Lr34bh+gPa/rUrBv9iCQr9SaJVM2+oV4Stk4/YZV
hPhoCKtWGfUAj1HNc5KZZ9g2BsTbBcPeLgAfmSiQzUCKuV+PTzm+G+Gq8M6NyBYV
Kxv+Kqj38cT5mMz7VUg3q49s299b6T5EsYwdT7VG2+ghsaQfQIjWvlibyVsyFyQx
a5MYWYIVQSr+48T5HCP9dwg76LhLyOPjDIVhJoVK6c7/FZ7o6TjXGvMQpMZxI3ei
0J9OGdwu66zY2PeLARI9GduJ20h+DPBZCvw3IZoFFehcJJoIPuqV1dDik3sN8Tum
vKW3+WpgLiNmqY730/Fg4xNA9aFZluPoToyPtLGkTfePJopL7/eeE9BZbxkFUcYF
UluuVu4EpZlXtFiO9fHc5mU8HpfkMo14C1mcNfjzEicvD/bksIw=
=nmFm
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.