Ubuntu Security Notice USN-4615-1
November 03, 2020
libytnef vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 16.04 LTS
Summary:
Yerase's TNEF could be made to crash if it received specially
crafted
input.
Software Description:
- libytnef: Yerases TNEF Stream Reader library
Details:
It was discovered that Yerase's TNEF had null pointer
dereferences, infinite
loop, buffer overflow, out of bounds reads, directory traversal
issues and
other vulnerabilities. An attacker could use those issues to cause
a crash
and consequently a denial of service. (CVE-2017-6298,
CVE-2017-6299,
CVE-2017-6300, CVE-2017-6301, CVE-2017-6302, CVE-2017-6303,
CVE-2017-6304,
CVE-2017-6305, CVE-2017-6306, CVE-2017-6800, CVE-2017-6801,
CVE-2017-6802)
Update instructions:
The problem can be corrected by updating your system to the
following
package versions:
Ubuntu 16.04 LTS:
libytnef0 1.5-9ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4615-1
CVE-2017-6298, CVE-2017-6299, CVE-2017-6300, CVE-2017-6301,
CVE-2017-6302, CVE-2017-6303, CVE-2017-6304, CVE-2017-6305,
CVE-2017-6306, CVE-2017-6800, CVE-2017-6801, CVE-2017-6802
Package Information:
https://launchpad.net/ubuntu/+source/libytnef/1.5-9ubuntu0.1
Read more https://packetstormsecurity.com/files/159805/USN-4615-1.txt
