Bug 20790

Summary: tnef security vulnerability CVE-2017-6307, CVE-2017-6308, CVE-2017-6309, CVE-2017-6310.
Product: Mageia Reporter: Zombie Ryushu <zombie_ryushu>
Component: RPM PackagesAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED DUPLICATE QA Contact:
Severity: normal    
Priority: Normal CC: marja11
Version: 5   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://www.debian.org/security/2017/dsa-3798
Whiteboard:
Source RPM: tnef CVE:
Status comment:

Description Zombie Ryushu 2017-05-06 09:42:35 CEST 
Eric Sesterhenn, from X41 D-Sec GmbH, discovered several vulnerabilities in tnef, a tool used to unpack MIME attachments of type "application/ms-tnef". Multiple heap overflows, type confusions and out of bound reads and writes could be exploited by tricking a user into opening a malicious attachment. This would result in denial of service via application crash, or potential arbitrary code execution.
Zombie Ryushu 2017-05-06 09:43:46 CEST

URL: (none) => https://www.debian.org/security/2017/dsa-3798

Comment 1 Marja Van Waes 2017-05-06 23:50:14 CEST 
Thanks for your concern, Zombie, but this already got fixed

*** This bug has been marked as a duplicate of bug 20343 ***

CC: (none) => marja11
Resolution: (none) => DUPLICATE
Status: NEW => RESOLVED