KDE Project Security Advisory: ktnef: Directory Traversal

Bug #1668552 reported by Philip Muškovac
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
kdepim (Ubuntu)
Undecided
Unassigned
Trusty
Undecided
Unassigned
ktnef (Ubuntu)
High
Kubuntu Developers
Xenial
High
Unassigned
Yakkety
High
Unassigned

Bug Description

KDE Project Security Advisory
=============================

Title: ktnef: Directory Traversal
Risk Rating: Medium
CVE: TBC
Versions: ktnef <= 5.4.2 (KDE Applications 16.12.2)
Date: 27 February 2017

Overview
========
A directory traversal issue was found in ktnef which can
be exploited by tricking a user into opening a malicious winmail.dat file.
The issue allows to write files with the permission of the user opening
the winmail.dat file during extraction.

Solution
========
Update to ktnef >= 5.4.3 (KDE Applications 16.12.3) (when released)

Or apply the following patch:
https://commits.kde.org/ktnef/4ff38aa15487d69021aacad4b078500f77fb4ae8

Philip Muškovac (yofel)
tags: added: kubuntu
Philip Muškovac (yofel)
Changed in kdepim (Ubuntu):
status: New → Invalid
no longer affects: kdepim (Ubuntu Xenial)
no longer affects: kdepim (Ubuntu Yakkety)
no longer affects: ktnef (Ubuntu Trusty)
Revision history for this message
vishnunaini (visred) wrote :

debdiff for yakkety is included in the attachment.

Changed in ktnef (Ubuntu Xenial):
status: New → Confirmed
Changed in ktnef (Ubuntu Yakkety):
status: New → Confirmed
Revision history for this message
vishnunaini (visred) wrote :

Xenial is in kdepim not ktnef.

Changed in ktnef (Ubuntu Xenial):
status: Confirmed → New
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

ACK on the debdiff in comment #1, I've uploaded packages for building to yakkety and zesty with a slight changelog whitespace and pocket change. The yakkety package will be published as a security update as soon as it's built. Thanks!

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ktnef - 4:16.04.3-0ubuntu2

---------------
ktnef (4:16.04.3-0ubuntu2) zesty; urgency=medium

  * SECURITY UPDATE: Malicious writes during directory traversal.
      - debian/patches/directory-traversal.patch
      - Thanks to Eric Sesterhenn for reporting this issue, Albert Astals
        Cid for fixing this issue.
      - No CVE number.
      - fixes (LP: #1668552)

 -- <email address hidden> (v.naini) Wed, 01 Mar 2017 13:53:49 +0530

Changed in ktnef (Ubuntu):
status: Triaged → Fix Released
Revision history for this message
Philip Muškovac (yofel) wrote :

Ktnef exists in xenial and should be affected the same. As for kdepim, I made a mistake when looking at the contents. The code is rather different, so if the old ktnef from kdepim is affected then this is relevant for trusty *and* xenial, not just trusty.

Mathew Hodson (mhodson)
Changed in ktnef (Ubuntu Xenial):
importance: Undecided → High
Changed in ktnef (Ubuntu Yakkety):
importance: Undecided → High
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ktnef - 4:16.04.3-0ubuntu1.1

---------------
ktnef (4:16.04.3-0ubuntu1.1) yakkety-security; urgency=medium

  * SECURITY UPDATE: Malicious writes during directory traversal.
      - debian/patches/directory-traversal.patch
      - Thanks to Eric Sesterhenn for reporting this issue, Albert Astals
        Cid for fixing this issue.
      - No CVE number.
      - fixes (LP: #1668552)

 -- <email address hidden> (v.naini) Wed, 01 Mar 2017 13:53:49 +0530

Changed in ktnef (Ubuntu Yakkety):
status: Confirmed → Fix Released
Revision history for this message
vishnunaini (visred) wrote :

debdiff for ktnef in xenial is attached.

kdepim also needs to patched both in xenial and trusty.

Revision history for this message
vishnunaini (visred) wrote :

I cannot make debdiffs' for kdepim as I am not sure if the patch is compatible. Someone familiar with the code should patch it.

Changed in ktnef (Ubuntu Xenial):
status: New → Confirmed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ktnef - 4:15.12.3-0ubuntu1.1

---------------
ktnef (4:15.12.3-0ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Malicious writes during directory traversal.
      - debian/patches/directory-traversal.patch
      - Thanks to Eric Sesterhenn for reporting this issue, Albert Astals
        Cid for fixing this issue.
      - No CVE number.
      - fixes (LP: #1668552)

 -- <email address hidden> (v.naini) Thu, 02 Mar 2017 20:58:12 +0530

Changed in ktnef (Ubuntu Xenial):
status: Confirmed → Fix Released
Emily Ratliff (emilyr)
Changed in kdepim (Ubuntu Trusty):
status: New → Incomplete
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Since there is nothing left to sponsor, I am unsubscribing ubuntu-security-sponsors. Please re-subscribe the group when attaching another debdiff. Thanks!

To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers