FS#70056 : [libytnef] [Security] arbitrary code execution (CVE-2021-3404 CVE-2021-3403)

FS#70056 - [libytnef] [Security] arbitrary code execution (CVE-2021-3404 CVE-2021-3403)

Attached to Project: Arch Linux
Opened by Jonas Witschel (diabonas) - Thursday, 18 March 2021, 11:23 GMT
Last edited by Jan Alexander Steffens (heftig) - Thursday, 18 March 2021, 16:32 GMT

Task Type	Bug Report
Category	Security
Status	Closed
Assigned To	Jan de Groot (JGC) Jan Alexander Steffens (heftig)
Architecture	All
Severity	Medium
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Summary
=======

The package libytnef is vulnerable to arbitrary code execution via CVE-2021-3404 and CVE-2021-3403.

Guidance
========

The issues are fixed by applying the two commits ca0f16eeb5d282556437cae63b3f35e8b6a54f74 and 216377b1dd6927cddcd0a12fe0525aa9aecc7538 referenced below.

References
==========

https://security.archlinux.org/AVG-1552
https://bugzilla.redhat.com/show_bug.cgi?id=1926965
https://github.com/Yeraze/ytnef/issues/86
https://github.com/Yeraze/ytnef/pull/88
https://github.com/Yeraze/ytnef/commit/ca0f16eeb5d282556437cae63b3f35e8b6a54f74
https://bugzilla.redhat.com/show_bug.cgi?id=1926967
https://github.com/Yeraze/ytnef/issues/85
https://github.com/Yeraze/ytnef/pull/87
https://github.com/Yeraze/ytnef/commit/216377b1dd6927cddcd0a12fe0525aa9aecc7538

This task depends upon

Closed by Jan Alexander Steffens (heftig)
Thursday, 18 March 2021, 16:32 GMT
Reason for closing: Fixed
Additional comments about closing: libytnef 1:1.9.3-1 (epoch bumped)

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#70056 - [libytnef] [Security] arbitrary code execution (CVE-2021-3404 CVE-2021-3403)

Details

Loading...