Date: Mon, 8 May 2017 09:00:05 -0400
From: "Perry E. Metzger" <perry@...rmont.com>
To: <oss-security@...ts.openwall.com>
Subject: libetpan: NULL dereference vulnerability

A NULL dereference vulnerability has been found in the MIME handling
code of LibEtPan, a C language mail access and handling library that
is used in a number of MUAs.

Versions 1.7.2 and earlier are affected.

This bug has been assigned CVE-2017-8825.

Hoa Viet Dinh, the author of the library, has released LibEtPan 1.8,
which fixes the bug. It may be found at:

https://github.com/dinhviethoa/libetpan/releases

See:
https://github.com/dinhviethoa/libetpan/issues/274
for details on the vulnerability.

Upstream users that wish to patch only this particular problem may
find the fix at:

https://github.com/dinhviethoa/libetpan/commit/1fe8fbc032ccda1db9af66d93016b49c16c1f22d

Thanks to Ryan Whitworth for uncovering this problem with
American Fuzzy Lop.


-- 
Perry E. Metzger		perry@...rmont.com
