Gentoo: GLSA-201606-11: claws-mail: Multiple Vulnerabilities
Summary
Multiple vulnerabilities have been discovered in claws-mail. Please review the CVE identifiers referenced below for details.
Resolution
All claws-mail users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/claws-mail-3.13.2"
References
[ 1 ] CVE-2014-3566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3566 [ 2 ] CVE-2015-8614 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8614 [ 3 ] CVE-2015-8614 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8614 [ 4 ] CVE-2015-8708 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8708 [ 5 ] CVE-2015-8708 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8708
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201606-11
Concerns
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
Synopsis
Multiple vulnerabilities have been found in claws-mail, particularly in the default SSL implementation.
Background
Claws Mail is a GTK based e-mail client.
Affected Packages
------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 mail-client/claws-mail < 3.13.2 >= 3.13.2
Impact
===== An attacker could possibly intercept communications due to the default implementation of SSL 3.0.
Workaround
There is no known workaround at this time.