Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2017-0174)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2017.0174

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2017-0174)

Resumen: The remote host is missing an update for the 'libytnef' package(s) announced via the MGASA-2017-0174 advisory.

Descripción: Summary:
The remote host is missing an update for the 'libytnef' package(s) announced via the MGASA-2017-0174 advisory.

Vulnerability Insight:
Several issues were discovered in libytnef, a library used to decode
application/ms-tnef e-mail attachments. Multiple heap overflows,
out-of-bound writes and reads, NULL pointer dereferences and infinite
loops could be exploited by tricking a user into opening a maliciously
crafted winmail.dat file (CVE-2017-6298, CVE-2017-6299, CVE-2017-6300,
CVE-2017-6301, CVE-2017-6302, CVE-2017-6303, CVE-2017-6304,
CVE-2017-6305, CVE-2017-6306, CVE-2017-6800, CVE-2017-6801,
CVE-2017-6802).

A heap-buffer-overflow vulnerability in libytnef due to an incorrect
boundary checking in SIZECHCK macro in lib/ytnef.c (CVE-2017-9058).

Affected Software/OS:
'libytnef' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-6298
BugTraq ID: 96423
http://www.securityfocus.com/bid/96423
Debian Security Information: DSA-3846 (Google Search)
http://www.debian.org/security/2017/dsa-3846
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFJWMUEUC4ILH2HEOCYVVLQT654ZMCGQ/
http://www.openwall.com/lists/oss-security/2017/02/15/4
https://github.com/Yeraze/ytnef/pull/27
https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
Common Vulnerability Exposure (CVE) ID: CVE-2017-6299
Common Vulnerability Exposure (CVE) ID: CVE-2017-6300
Common Vulnerability Exposure (CVE) ID: CVE-2017-6301
Common Vulnerability Exposure (CVE) ID: CVE-2017-6302
Common Vulnerability Exposure (CVE) ID: CVE-2017-6303
Common Vulnerability Exposure (CVE) ID: CVE-2017-6304
Common Vulnerability Exposure (CVE) ID: CVE-2017-6305
Common Vulnerability Exposure (CVE) ID: CVE-2017-6306
Common Vulnerability Exposure (CVE) ID: CVE-2017-6800
Common Vulnerability Exposure (CVE) ID: CVE-2017-6801
Common Vulnerability Exposure (CVE) ID: CVE-2017-6802
Common Vulnerability Exposure (CVE) ID: CVE-2017-9058
https://usn.ubuntu.com/3667-1/

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2017.0174
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2017-0174)
Resumen:	The remote host is missing an update for the 'libytnef' package(s) announced via the MGASA-2017-0174 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libytnef' package(s) announced via the MGASA-2017-0174 advisory. Vulnerability Insight: Several issues were discovered in libytnef, a library used to decode application/ms-tnef e-mail attachments. Multiple heap overflows, out-of-bound writes and reads, NULL pointer dereferences and infinite loops could be exploited by tricking a user into opening a maliciously crafted winmail.dat file (CVE-2017-6298, CVE-2017-6299, CVE-2017-6300, CVE-2017-6301, CVE-2017-6302, CVE-2017-6303, CVE-2017-6304, CVE-2017-6305, CVE-2017-6306, CVE-2017-6800, CVE-2017-6801, CVE-2017-6802). A heap-buffer-overflow vulnerability in libytnef due to an incorrect boundary checking in SIZECHCK macro in lib/ytnef.c (CVE-2017-9058). Affected Software/OS: 'libytnef' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-6298 BugTraq ID: 96423 http://www.securityfocus.com/bid/96423 Debian Security Information: DSA-3846 (Google Search) http://www.debian.org/security/2017/dsa-3846 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFJWMUEUC4ILH2HEOCYVVLQT654ZMCGQ/ http://www.openwall.com/lists/oss-security/2017/02/15/4 https://github.com/Yeraze/ytnef/pull/27 https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/ Common Vulnerability Exposure (CVE) ID: CVE-2017-6299 Common Vulnerability Exposure (CVE) ID: CVE-2017-6300 Common Vulnerability Exposure (CVE) ID: CVE-2017-6301 Common Vulnerability Exposure (CVE) ID: CVE-2017-6302 Common Vulnerability Exposure (CVE) ID: CVE-2017-6303 Common Vulnerability Exposure (CVE) ID: CVE-2017-6304 Common Vulnerability Exposure (CVE) ID: CVE-2017-6305 Common Vulnerability Exposure (CVE) ID: CVE-2017-6306 Common Vulnerability Exposure (CVE) ID: CVE-2017-6800 Common Vulnerability Exposure (CVE) ID: CVE-2017-6801 Common Vulnerability Exposure (CVE) ID: CVE-2017-6802 Common Vulnerability Exposure (CVE) ID: CVE-2017-9058 https://usn.ubuntu.com/3667-1/
Copyright	Copyright (C) 2022 Greenbone AG