CVE-2017-6306 in Ubuntu

CVE-2017-6306

Priority

Medium

Description

An issue was discovered in ytnef before 1.9.1. This is related to a patch
described as "9 of 9. Directory Traversal using the filename;
SanitizeFilename function in settings.c."

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6306
https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
http://www.openwall.com/lists/oss-security/2017/02/15/4
https://github.com/Yeraze/ytnef/pull/27
http://www.ubuntu.com/usn/usn-3288-1

Package

Source: libytnef (LP Ubuntu Debian)

Upstream:	released (1.9.1-1)
Ubuntu 17.10 (Artful Aardvark):	not-affected (1.9.1-1)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE (precise was needs-triage)
Ubuntu 14.04 LTS (Trusty Tahr):	released (1.5-6ubuntu0.1)
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	needed
Ubuntu 17.04 (Zesty Zapus):	not-affected (1.9.1-1)

Patches:

Upstream:

https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2017-08-11 23:26:02 UTC (commit 13081)