PublicDateAtUSN: 2017-01-17
Candidate: CVE-2017-0357
PublicDate: 2018-04-13 15:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0357
 https://gitlab.com/iucode-tool/iucode-tool/issues/3
 https://ubuntu.com/security/notices/USN-3186-1
Description:
 A heap-overflow flaw exists in the -tr loader of iucode-tool starting with v1.4 and before v2.1.1, potentially leading to SIGSEGV, or heap corruption.
Ubuntu-Description:
Notes:
 mdeslaur> 1.4 and higher
Bugs:
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_iucode-tool:
 upstream: https://gitlab.com/iucode-tool/iucode-tool/uploads/2dfd5f52b8dc5c42ad7e52123c535051/iucode-tool_fix-cve-2017-0357.patch
 upstream: https://gitlab.com/iucode-tool/iucode-tool/commit/e5e14bfd0427dca80ee19780af57c60eef3577e0
upstream_iucode-tool: released (2.1.1-1)
precise_iucode-tool: DNE
trusty_iucode-tool: not-affected (1.0.1-1)
trusty/esm_iucode-tool: DNE (trusty was not-affected [1.0.1-1])
vivid/stable-phone-overlay_iucode-tool: DNE
vivid/ubuntu-core_iucode-tool: DNE
xenial_iucode-tool: released (1.5.1-1ubuntu0.1)
esm-infra/xenial_iucode-tool: released (1.5.1-1ubuntu0.1)
yakkety_iucode-tool: released (1.6.1-1ubuntu0.1)
devel_iucode-tool: not-affected (2.1.1-1)