Fedora has issued an advisory on July 5: http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083853.html Patched package uploaded for Mageia 1, Mageia 2, and Cauldron. Note to QA: reproducer instructions are on the RedHat bug: https://bugzilla.redhat.com/show_bug.cgi?id=831322 Advisory: ======================== Updated libytnef package fixes security vulnerability: Function DecompressRTF() in libytnef 1.5 leads to a buffer overflow on certain TNEF files (presumably, on files, generated by some recent versions of MS software). References: http://sourceforge.net/tracker/?func=detail&aid=2949686&group_id=70352&atid=527487 http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083853.html ======================== Updated packages in core/updates_testing: ======================== libytnef0-1.5-5.5.mga1 libytnef-devel-1.5-5.5.mga1 libytnef0-1.5-5.5.mga2 libytnef-devel-1.5-5.5.mga2 from SRPMS: libytnef-1.5-5.1.mga1.src.rpm libytnef-1.5-5.1.mga2.src.rpm
Whiteboard: (none) => MGA1TOO
CC: (none) => stormiWhiteboard: MGA1TOO => MGA1TOO has_procedure
Testing complete on Mageia 1 32 bits. --- Detailed procedure --- Before installing the update candidate: wget "http://sourceforge.net/tracker/download.php?group_id=70352&atid=533948&file_id=53396&aid=756215" -O winmail.dat then install the fedora ytnef package, since we don't have it on Mageia. http://rpm.pbone.net/index.php3?stat=3&search=ytnef then: ytnefprint winmail.dat # crashes then install the update candidate "urpmi libytnef0 --media 'Updates Testing'" ytnefprint winmail.dat # doesn't crash anymore
Whiteboard: MGA1TOO has_procedure => MGA1TOO has_procedure MGA1-32-OK
Testing complete on Mageia 2 32 bits.
Whiteboard: MGA1TOO has_procedure MGA1-32-OK => MGA1TOO has_procedure MGA1-32-OK MGA2-32-OK
Testing complete on Mageia 1 64 bits. We need a tester for Mageia 2 64 and the update can go.
Whiteboard: MGA1TOO has_procedure MGA1-32-OK MGA2-32-OK => MGA1TOO has_procedure MGA1-32-OK MGA2-32-OK MGA1-64-OK
I did before : wget "http://sourceforge.net/tracker/download.php?group_id=70352&atid=533948&file_id=53396&aid=756215" -O winmail.dat Then I downloaded and installed : Fedora 16 download.fedora.redhat.com/pub/fedora/linux/releases/16/Everything/x86_64/os/Packages/ytnef-2.6-6.fc15.x86_64.rpm Test pre-update ok. Crash as expected. ytnefprint winmail.dat" ...... -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- *** buffer overflow detected ***: ytnefprint terminated ======= Backtrace: ========= So I enabled and updated testing repos and did the ytnef update to fix it. It works, and the end of "ytnefprint winmail.dat" [1] [File ] ZAPPA_~2.JPG Modified on: Monday April 7, 2003 10:35:38 am MAPI Properties: 18 Attachment Size: 2937b File saves as [zappa_av1.jpg] [2] [File ] bookmark.htm Modified on: Tuesday June 17, 2003 10:22:41 am MAPI Properties: 18 Attachment Size: 85805b File saves as [bookmark.htm] So on x86_64 it's validated Bye Stblack
CC: (none) => stblack
Whiteboard: MGA1TOO has_procedure MGA1-32-OK MGA2-32-OK MGA1-64-OK => MGA1TOO has_procedure MGA1-32-OK MGA2-32-OK MGA1-64-OK MGA2-64-OK
Update validated. See comment #0 for advisory and packages. Thanks!
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0201
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED
FYI. This one got CVE-2010-5109
CC: (none) => oe