Bug 20893

I pushed a patch to cauldron, but still have a build issue to revert to 1.9.2 wrt version.

I've pushed the update (1.5-10.2) to mga5 in updates_testing as this one doesn't create any problem of version.

I've asked for a freeze push of the cauldron version as well now.

Thanks Bruno!

Advisory:
========================

Updated libytnef packages fix security vulnerability:

A heap-buffer-overflow vulnerability in libytnef due to an incorrect boundary
checking in SIZECHCK macro in lib/ytnef.c (CVE-2017-9058).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9058
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862556
========================

Updated packages in core/updates_testing:
========================
libytnef0-1.5-10.2.mga5
libytnef-devel-1.5-10.2.mga5

from libytnef-1.5-10.2.mga5.src.rpm

CC: (none) => bruno
Assignee: bruno => qa-bugs

Full advisory including the already-tested fixes from Bug 20299.

Advisory:
========================

Updated libytnef packages fix security vulnerabilities:

Several issues were discovered in libytnef, a library used to decode
application/ms-tnef e-mail attachments. Multiple heap overflows, out-of-bound
writes and reads, NULL pointer dereferences and infinite loops could be
exploited by tricking a user into opening a maliciously crafted winmail.dat
file (CVE-2017-6298, CVE-2017-6299, CVE-2017-6300, CVE-2017-6301,
CVE-2017-6302, CVE-2017-6303, CVE-2017-6304, CVE-2017-6305, CVE-2017-6306,
CVE-2017-6800, CVE-2017-6801, CVE-2017-6802).

A heap-buffer-overflow vulnerability in libytnef due to an incorrect boundary
checking in SIZECHCK macro in lib/ytnef.c (CVE-2017-9058).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6298
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6299
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6300
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6301
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6302
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6303
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6304
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6305
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6306
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9058
http://openwall.com/lists/oss-security/2017/02/15/4
https://www.debian.org/security/2017/dsa-3846
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862556

Testing M5 x64

Updated (from 1.5-10) to : lib64ytnef0-1.5-10.2.mga5
Following earlier libytnef update 20299 I just played with Evolution under strace;
I created an e-mail account, and read from it.

 $ strace evolution 2>&1 | grep ytnef
open("/usr/lib64/evolution/libytnef.so.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/lib64/libytnef.so.0", O_RDONLY|O_CLOEXEC) = 17

Lacking M$ correspondants, OK. Advisory to follow.

CC: (none) => lewyssmith
Whiteboard: (none) => MGA5-64-OK

MGA5-32 on Asus A6000VM Xfce
No installation issues.
strace evolution 2>&1 | grep ytnef
open("/usr/lib/evolution/libytnef.so.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/lib/libytnef.so.0", O_RDONLY|O_CLOEXEC) = 21
when opening evolution, received new message OK.

Whiteboard: MGA5-64-OK advisory => MGA5-64-OK MGA5-32-OK advisory
CC: (none) => herman.viaene

An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0174.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED