CVE-2017-6802 - An issue was discovered in ytnef before 1.9.2. There is a potential heap-based buffer over-read on incoming Compressed RTF Streams, related to DecompressRTF() in libytnef.
Upstream bug: https://github.com/Yeraze/ytnef/issues/34

CVE-2017-6801 - An issue was discovered in ytnef before 1.9.2. There is a potential out-of-bounds access with fields of Size 0 in TNEFParse() in libytnef.
Upstream patch: https://github.com/Yeraze/ytnef/commit/3cb0f914d6427073f262e1b2b5fd973e3043cdf7

CVE-2017-6800 - An issue was discovered in ytnef before 1.9.2. An invalid memory access (heap-based buffer over-read) can occur during handling of LONG data types, related to MAPIPrint() in libytnef.
Upstream bug: https://github.com/Yeraze/ytnef/issues/28
Created libytnef tracking bugs for this issue:
Affects: fedora-all [bug 1422817]
Affects: epel-all [bug 1422814]
Created ytnef tracking bugs for this issue:
Affects: fedora-all [bug 1422815]
Affects: epel-all [bug 1422816]
The correct fix will be to merge ytnef and libytnef into one package (as done upstream with version 1.9). I have prepared a scratch build here. Itamar, if you don't mind, I will push this to rawhide and deprecate the separate libytnef there and then go to the releases once this got a bit more testing.
https://koji.fedoraproject.org/koji/taskinfo?taskID=18454905
Created attachment 1264378: spec patch
Another CVE was reported in libytnef.
CVE-2017-9058 - In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862556
Another CVE was reported in libytnef.
CVE-2017-9146 - The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted tnef file.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862707
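The two bug classes named in the CVE-2017-9058 and CVE-2017-9146 comments above (an incorrect boundary check, and a count not verified as nonzero before allocation) are both avoided by the parsing pattern below. This is an added example, not ytnef code: the record layout, function names and status codes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical record layout (NOT the TNEF/MAPI wire format):
 *   uint32 count (little-endian), followed by count uint32 values. */
enum parse_status { PARSE_OK = 0, PARSE_TRUNCATED = -1,
                    PARSE_EMPTY = -2, PARSE_NOMEM = -3 };

static uint32_t read_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Parse one record from buf[0..len). On PARSE_OK, *out is a heap array of
 * *out_count values that the caller frees; otherwise *out stays NULL. */
int parse_counted_values(const unsigned char *buf, size_t len,
                         uint32_t **out, uint32_t *out_count)
{
    *out = NULL;
    *out_count = 0;

    /* Compare "bytes needed" against "bytes remaining" instead of
     * computing ptr + n, so nothing can wrap past the end of the buffer. */
    if (len < 4)
        return PARSE_TRUNCATED;
    uint32_t count = read_le32(buf);
    size_t remaining = len - 4;

    /* A zero count yields a zero-sized allocation; later code that touches
     * element 0 would then run past it. Reject before allocating. */
    if (count == 0)
        return PARSE_EMPTY;

    /* Divide rather than multiply so count * 4 cannot overflow. */
    if (count > remaining / 4)
        return PARSE_TRUNCATED;

    uint32_t *vals = calloc(count, sizeof *vals);
    if (vals == NULL)
        return PARSE_NOMEM;
    for (uint32_t i = 0; i < count; i++)
        vals[i] = read_le32(buf + 4 + (size_t)i * 4);

    *out = vals;
    *out_count = count;
    return PARSE_OK;
}
```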
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.