Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Gentoo 200801-03 Advisory: Claws Mail Vulnerability in Symlink Attack

gentoo
Calendar Grey January 9, 2008
Dist Gentoo Esm H88
Claws Mail for Gentoo Linux is vulnerable to a symlink attack stemming from improper handling of temporary files. It is advised to apply the latest updates.
Claws Mail uses temporary files in an insecure manner, allowing for a symlink attack.

Summary

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gentoo Linux Security Advisory GLSA 200801-03 https://security.gentoo.org/

  Severity: Normal
     Title: Claws Mail: Insecure temporary file creation
      Date: January 09, 2008
      Bugs: #201244
        ID: 200801-03


Synopsis
=======
Claws Mail uses temporary files in an insecure manner, allowing for a
symlink attack.

Background
=========
Claws Mail is a GTK based e-mail client.

Affected packages
================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 mail-client/claws-mail < 3.0.2-r1 >= 3.0.2-r1

==========
Nico Golde from Debian reported that the sylprint.pl script that is
part of the Claws Mail tools creates temporary files in an insecure
manner.

Impact
=====
A loc...
Read the Full Advisory
Topics%20covered

Topics Covered

security advisory gentoo software update symlink attack insecure file creation normal severity Claws Mail

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Topics%20covered

Topics Covered

security advisory gentoo software update symlink attack insecure file creation normal severity Claws Mail

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here