Joined: 12 May 2004
|Posted: Thu Aug 17, 2017 3:26 am Post subject: [ glsa 201708-02 ] tnef
|Gentoo Linux Security Advisory
Title: TNEF: Multiple vulnerabilities (GLSA 201708-02)
Bug(s): #611426, #618658
Multiple vulnerabilities have been found in TNEF, the worst of
which allows remote attackers to cause a Denial of Service condition.
TNEF is a program for unpacking MIME attachments of type
Vulnerable: < 1.4.15
Unaffected: >= 1.4.15
Architectures: All supported architectures
Multiple vulnerabilities have been discovered in TNEF. Please review the
CVE identifiers referenced below for details.
A remote attacker could entice a user to process a specially crafted
MIME attachment of type “application/ms-tnef” using TNEF, possibly
resulting in a Denial of Service condition.
There is no known workaround at this time.
All TNEF users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/tnef-1.4.15"
Last edited by GLSA on Fri Sep 29, 2017 4:16 am; edited 1 time in total