[SECURITY] [DLA 878-1] libytnef security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : libytnef
Version : 1.5-4+deb7u1
CVE ID : CVE-2017-6298 CVE-2017-6299 CVE-2017-6300 CVE-2017-6301
CVE-2017-6302 CVE-2017-6303 CVE-2017-6304 CVE-2017-6305
CVE-2017-6801 CVE-2017-6802
CVE-2017-6298
Null Pointer Deref / calloc return value not checked
CVE-2017-6299
Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c
CVE-2017-6300
Buffer Overflow in version field in lib/tnef-types.h
CVE-2017-6301
Out of Bounds Reads
CVE-2017-6302
Integer Overflow
CVE-2017-6303
Invalid Write and Integer Overflow
CVE-2017-6304
Out of Bounds read
CVE-2017-6305
Out of Bounds read and write
CVE-2017-6801
Out-of-bounds access with fields of Size 0 in TNEFParse() in libytnef
CVE-2017-6802
Heap-based buffer over-read on incoming Compressed RTF Streams,
related to DecompressRTF() in libytnef
For Debian 7 "Wheezy", these problems have been fixed in version
1.5-4+deb7u1.
We recommend that you upgrade your libytnef packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQJ8BAEBCgBmBQJY2sXHXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hH8IUP/2pVFEQJ0Iq2z6d2xUDzYQ+c
Dodop8LPsrZRczC0b62Vd5HfKlpphJ+mHGQlDQhOC7mo3TVdPMCemWV4MK8Rk2tU
tdsy4FkUyXYpXgxXz1X4vSqzncUNWuFt0T+P5Xh/g3hVAO3LdN5eY6beR5Wx2YBm
em9Qa6B2HHqPvOeyLFOS6B1SYMEf7ewp8rxmrysenCAbZlmB5CqzcZ7kQ8FR/xc3
s9uqT8fvPcA9PjuHcW5K1y6OjXtYt277ImMAxKBHXQEwDdw8hndMGkz5jyuIbbjc
gvwKH9QHFBCssPf0qI+6kCvEtA0/pmkdCgLShTPB8eswcbQ03SxhA9ZRguvuvRQ+
UF/EO/7W7lX9kz+m/Atp+5uV8TzMWfD98tf7LIV9/FldQYGt4fzkdTAea6yKJiMD
R9ax4E5nKW/NIe32wwVOIxrYN/CnVM8vgbu9ggUR5CAgtu3ajD/6on5QhsVsQXEO
lpsTAAZpJkmnnU4LRke9MNwDbytYz9/uMa0kFkpDyV9v7GTYZxgkDCPR8FQQgHlw
tRC6/NiecguFCPKKSQ5wDmorgAGJAt29sfZCTAVZEIfjl8wCa050djtwfQNhKfny
m5CeIpTOREZw8Gh4Jge1obrrry0zzHOQi8LTnCvsPofvH9Aj6r/z+rv8/twnVZQN
dQUL5R62rxE98TdBsVKt
=RLFU
-----END PGP SIGNATURE-----
Reply to: