You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa libytnef

Sigurnosni nedostaci programskog paketa libytnef

by - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4615-1
November 03, 2020

libytnef vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS

Summary:

Yerase’s TNEF could be made to crash if it received specially crafted
input.

Software Description:
– libytnef: Yerases TNEF Stream Reader library

Details:

It was discovered that Yerase’s TNEF had null pointer dereferences, infinite
loop, buffer overflow, out of bounds reads, directory traversal issues and
other vulnerabilities. An attacker could use those issues to cause a crash
and consequently a denial of service. (CVE-2017-6298, CVE-2017-6299,
CVE-2017-6300, CVE-2017-6301, CVE-2017-6302, CVE-2017-6303, CVE-2017-6304,
CVE-2017-6305, CVE-2017-6306, CVE-2017-6800, CVE-2017-6801, CVE-2017-6802)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
libytnef0 1.5-9ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4615-1
CVE-2017-6298, CVE-2017-6299, CVE-2017-6300, CVE-2017-6301,
CVE-2017-6302, CVE-2017-6303, CVE-2017-6304, CVE-2017-6305,
CVE-2017-6306, CVE-2017-6800, CVE-2017-6801, CVE-2017-6802

Package Information:
https://launchpad.net/ubuntu/+source/libytnef/1.5-9ubuntu0.1
—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEkCdEQ5T6DutSveCybUp5kL3izGYFAl+hwLAACgkQbUp5kL3i
zGbZoRAAl7VVsx/NRF9fm7suHQq5/Cbuf1ALZ7gmikKRNC/qEDacA8Vn4kljL561
ma5JRuUG2phBMMW4qOm19hs220S+eKhBgIGdrneMs/NDfcPBBykwrbf4BrRYk/AR
ar51cjT5XPLgYV+EZRVh+QuSAK4OARqm86CWcBZaBUAXCQFPu48OJI15sqQ4LHEl
MwN014bhm5rPJyiKY/WiMz4Lek2ZoIqkelscWXP3rKP7a80Tf7NFYSyOQjSGhNMa
eWgZN9x/JhhC3XQj+0E86pQ+K98TD8X1EFhDaLtKaH0JlMPE7z1dtzx+cplCyO+6
bVhrEMtNUSrc+NlAzLa5UUKcGZWX2kx4pYteGyNEJ9b9K6SDzFomRVpMmUKVG+Su
It9/3GQfHKYs7QFm3xp8ZwLDPL8N1juDUrl04PzsfNdlv5TFFhvn69DZeaR1SOse
wyjEhjjWC2yxQEs5oIjbOY9MwywNYRBfKrouZ93VJMC/NMAFvpzhAfSaKlRtatlU
hmJ1M6xJaG8fK5OKxXuGFRi6Z0HD7ysOvkDsMAtAQTluZ2SP73zTqquBJRcqifqJ
FGad09ZU5FybPsmEZQv81wsTcnJir7JNyWbiqRcGqwOdqHTtrk9AYnOb/NNaAiJy
Lxagmzkmtu3DNDjFforAhIv5AHWNLt17Zij7jvaqWI34HBkPdXQ=
=DCPg
—–END PGP SIGNATURE—–

AutorBruno Varga
Cert idNCERT-REF-2020-11-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa python-cryptography

Otkriven je sigurnosni nedostatak u programskom paketu python-cryptography za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim napadačima omogućuje otkrivanje osjetljivih informacija....

Close