SB2020110318 - Ubuntu update for libytnef




Published: November 3, 2020 Updated: April 23, 2025

Security Bulletin ID: SB2020110318
Severity: High
Patch available: YES
Number of vulnerabilities: 12
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 58%, Medium 33%, Low 8%

Description

This security bulletin contains information about 12 security vulnerabilities.


1) NULL pointer dereference (CVE-ID: CVE-2017-6298)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "1 of 9. Null Pointer Deref / calloc return value not checked."


2) Infinite loop (CVE-ID: CVE-2017-6299)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c." CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') (http://cwe.mitre.org/data/definitions/835.html)


3) Buffer overflow (CVE-ID: CVE-2017-6300)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "3 of 9. Buffer Overflow in version field in lib/tnef-types.h."


4) Out-of-bounds read (CVE-ID: CVE-2017-6301)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "4 of 9. Out of Bounds Reads."


5) Integer overflow (CVE-ID: CVE-2017-6302)

The vulnerability allows a local authenticated user to execute arbitrary code.

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "5 of 9. Integer Overflow."


6) Integer overflow (CVE-ID: CVE-2017-6303)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "6 of 9. Invalid Write and Integer Overflow."


7) Out-of-bounds read (CVE-ID: CVE-2017-6304)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "7 of 9. Out of Bounds read."


8) Out-of-bounds read (CVE-ID: CVE-2017-6305)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "8 of 9. Out of Bounds read and write."


9) Path traversal (CVE-ID: CVE-2017-6306)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c."


10) Out-of-bounds read (CVE-ID: CVE-2017-6800)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An issue was discovered in ytnef before 1.9.2. An invalid memory access (heap-based buffer over-read) can occur during handling of LONG data types, related to MAPIPrint() in libytnef.


11) Out-of-bounds read (CVE-ID: CVE-2017-6801)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An issue was discovered in ytnef before 1.9.2. There is a potential out-of-bounds access with fields of Size 0 in TNEFParse() in libytnef.


12) Out-of-bounds read (CVE-ID: CVE-2017-6802)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to potential heap-based buffer over-read on incoming Compressed RTF Streams, related to DecompressRTF() in libytnef. A remote attacker can perform a denial of service attack.


Remediation

Install the update from the vendor's website.