GLSA Administrator
Posted: Sat Apr 02, 2005 7:24 pm Post subject: [ GLSA 200504-02 ] Sylpheed, Sylpheed-claws: Buffer overflow
Gentoo Linux Security Advisory
Title: Sylpheed, Sylpheed-claws: Buffer overflow on message display (GLSA 200504-02)
Severity: normal
Exploitable: remote
Date: April 02, 2005
Bug(s): #86541
ID: 200504-02
Synopsis
Sylpheed and Sylpheed-claws contain a vulnerability that can be triggered
when displaying messages with specially crafted attachments.
Background
Sylpheed is a lightweight email client and newsreader.
Sylpheed-claws is a 'bleeding edge' version of Sylpheed.
Affected Packages
Package: mail-client/sylpheed
Vulnerable: < 1.0.4
Unaffected: >= 1.0.4
Architectures: All supported architectures
Package: mail-client/sylpheed-claws
Vulnerable: < 1.0.4
Unaffected: >= 1.0.4
Architectures: All supported architectures
Description
Sylpheed and Sylpheed-claws fail to properly handle messages
containing attachments with MIME-encoded filenames.
Impact
An attacker can send a malicious email message which, when
displayed, would cause the program to crash, potentially allowing the
execution of arbitrary code with the privileges of the user running the
software.
Workaround
There is no known workaround at this time.
Resolution
All Sylpheed users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/sylpheed-1.0.4"
All Sylpheed-claws users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/sylpheed-claws-1.0.4"
References
Sylpheed ChangeLog
Last edited by GLSA on Tue Oct 05, 2010 4:19 am; edited 3 times in total