Bug 1422813 (CVE-2017-6298, CVE-2017-6299, CVE-2017-6300, CVE-2017-6301, CVE-2017-6302, CVE-2017-6303, CVE-2017-6304, CVE-2017-6305, CVE-2017-6306) - CVE-2017-6298 CVE-2017-6299 CVE-2017-6300 CVE-2017-6301 CVE-2017-6302 CVE-2017-6303 CVE-2017-6304 CVE-2017-6305 CVE-2017-6306 ytnef: Multiple vulnerabilities fixed in 1.9.1 version
Summary: CVE-2017-6298 CVE-2017-6299 CVE-2017-6300 CVE-2017-6301 CVE-2017-6302 CVE-201...
Keywords:
Status: CLOSED UPSTREAM
Alias: CVE-2017-6298, CVE-2017-6299, CVE-2017-6300, CVE-2017-6301, CVE-2017-6302, CVE-2017-6303, CVE-2017-6304, CVE-2017-6305, CVE-2017-6306
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1422814 1422816 1422815 1422817
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-02-16 10:32 UTC by Andrej Nemec
Modified: 2019-09-29 14:07 UTC (History)
4 users (show)

Fixed In Version: ytnef 1.9.1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-08 03:07:44 UTC


Attachments (Terms of Use)

Description Andrej Nemec 2017-02-16 10:32:52 UTC
Ytnef upstream released a security advisory for their latest release.

http://openwall.com/lists/oss-security/2017/02/15/4

It fixes multiple security vulnerabilities.

Comment 1 Andrej Nemec 2017-02-16 10:35:17 UTC
Created libytnef tracking bugs for this issue:

Affects: epel-all [bug 1422814]
Affects: fedora-all [bug 1422817]


Created ytnef tracking bugs for this issue:

Affects: epel-all [bug 1422816]
Affects: fedora-all [bug 1422815]

Comment 2 Andrej Nemec 2017-02-28 08:52:28 UTC
Mitre assigned CVEs for these patches:

Null Pointer Deref / calloc return value not checked - CVE-2017-6298
Infinite Loop / DoS - CVE-2017-6299
Buffer Overflow in version field - CVE-2017-6300
Out of Bound Reads - CVE-2017-6301
Integer Overflow - CVE-2017-6302
Invalid Write and Integer Overflow CVE-2017-6303
Out of Bounds read - CVE-2017-6304
Out of Bounds read and write - CVE-2017-6305
Directory Traversal using the filename - CVE-2017-6306

Comment 3 Product Security DevOps Team 2019-06-08 03:07:44 UTC
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.


Note You need to log in before you can comment on or make changes to this bug.