|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200504-02] Sylpheed, Sylpheed-claws: Buffer overflow on message display Vulnerability Scan
Vulnerability Scan Summary Sylpheed, Sylpheed-claws: Buffer overflow on message display
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200504-02
(Sylpheed, Sylpheed-claws: Buffer overflow on message display)
Sylpheed and Sylpheed-claws fail to properly handle messages
containing attachments with MIME-encoded filenames.
Impact
A possible hacker can send a malicious email message which, when
displayed, would cause the program to crash, potentially allowing the
execution of arbitrary code with the rights of the user running the
software.
Workaround
There is no known workaround at this time.
References:
http://sylpheed.good-day.net/#changes
Solution:
All Sylpheed users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/sylpheed-1.0.4"
All Sylpheed-claws users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/sylpheed-claws-1.0.4"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|