========================================================================== Ubuntu Security Notice USN-4524-1 September 21, 2020 tnef vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: TNEF could be made to crash or write arbitrary files to the filesystem. Software Description: - tnef: Tool to unpack MIME application/ms-tnef attachments Details: Paul Dreik discovered that TNEF incorrectly handled filenames. If a user were tricked into opening a specially crafted email attachment, an attacker could possibly use this issue to write arbitrary files to the filesystem or cause TNEF crash, resulting in a denial of service. (CVE-2019-18849) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: tnef 1.4.9-1+deb8u4build0.16.04.1 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4524-1 CVE-2019-18849 Package Information: https://launchpad.net/ubuntu/+source/tnef/1.4.9-1+deb8u4build0.16.04.1