openSUSE Security Update: update for bogofilter
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2013:0166-1
Rating:             important
References:         #792939 
Cross-References:   CVE-2010-2494
Affected Products:
                    openSUSE 11.4/standard/i586/patchinfo.28
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   - Update to version 1.2.3.
   * Update configure.ac to avoid autoconf 2.68 warnings, by
   (a) quoting the first AC_RUN_IFELSE argument, an
   AC_LANG_PROGRAM(), with [ ], and (b) providing an
   explicit "true" assumption for Berkeley DB capabilities
   to avoid cross-compilation warnings.
   * Security bugfix; (bnc#792939), Fix a heap corruption in
   base64 decoder on invalid input.
      2-01
   * Added bogofilter-faq-bg.html, a Bulgarian translation
   of the FAQ.
   * Mark "Berkeley DB 5.1.19: (August 27, 2010)" supported.
   - Update to version 1.2.2.
   * Use a better PRNG for random sleeps. That is
   arc4random() where available, and drand48() elsewhere.
   * Assorted fixes for issues found with clang analyzer:
   + Fix a potential NULL deference
   + Fix a potential division by zero
   + Remove dead assignments and increments
   * Update Doxyfile and source contrib/bogogrep.c for docs,
   too.
   * Security bugfix, CVE-2010-2494: Fix a heap corruption
   in base64 decoder on invalid input. Analysis and patch
   by Julius Plenz <plenz@cis.fu-berlin.de>. Please
   see doc/bogofilter-SA-2010-01 for details.
   * Updated sendmail milter contrib/bogofilter-milter.pl to
   v1.??????
   * Bump supported/minimum SQLite3 versions and warning
   threshold. See doc/README.sqlite for details.
   * Mark BerkeleyDB 4.8.26 and 5.0.21 supported.
   * Make t.maint more robust; ignore .ENCODING token. To
   fix test failures on, for instance, FreeBSD with
   unicode enabled.
   * Fix several compiler warnings "array subscript has type
   'char'", by casting the arguments to unsigned char.
   * Split error messages for ENOENT and EINVAL into new
   function.
   * Avoid divison by zero in robx computation by checking
   if there are at least one ham message and one spam
   message registered.
   * contrib/spamitarium.pl updated to version 0.4.0
   * Updated and integrated Ted Phelps's "Patch to prevent
   .ENCODING from being discarded by bogoutil -m"
   (SourceForge Patch #1743984).
   - remove call to suse_update_config (very old work around)
   - Remove redundant tags/sections from specfile
   - Use %_smp_mflags for parallel build


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 11.4/standard/i586/patchinfo.28:

      zypper in -t patch 2012-21

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 11.4/standard/i586/patchinfo.28 (i586 x86_64):

      bogofilter-1.2.3-12.1
      bogofilter-debuginfo-1.2.3-12.1
      bogofilter-debugsource-1.2.3-12.1


References:

   https://www.suse.com/security/cve/CVE-2010-2494.html
   https://bugzilla.novell.com/792939

--

openSUSE: 2013:0166-1: important: bogofilter

January 23, 2013
An update that fixes one vulnerability is now available.

Description

- Update to version 1.2.3. * Update configure.ac to avoid autoconf 2.68 warnings, by (a) quoting the first AC_RUN_IFELSE argument, an AC_LANG_PROGRAM(), with [ ], and (b) providing an explicit "true" assumption for Berkeley DB capabilities to avoid cross-compilation warnings. * Security bugfix; (bnc#792939), Fix a heap corruption in base64 decoder on invalid input. 2-01 * Added bogofilter-faq-bg.html, a Bulgarian translation of the FAQ. * Mark "Berkeley DB 5.1.19: (August 27, 2010)" supported. - Update to version 1.2.2. * Use a better PRNG for random sleeps. That is arc4random() where available, and drand48() elsewhere. * Assorted fixes for issues found with clang analyzer: + Fix a potential NULL deference + Fix a potential division by zero + Remove dead assignments and increments * Update Doxyfile and source contrib/bogogrep.c for docs, too. * Security bugfix, CVE-2010-2494: Fix a heap corruption in base64 decoder on invalid input. Analysis and patch by Julius Plenz <plenz@cis.fu-berlin.de>. Please see doc/bogofilter-SA-2010-01 for details. * Updated sendmail milter contrib/bogofilter-milter.pl to v1.?????? * Bump supported/minimum SQLite3 versions and warning threshold. See doc/README.sqlite for details. * Mark BerkeleyDB 4.8.26 and 5.0.21 supported. * Make t.maint more robust; ignore .ENCODING token. To fix test failures on, for instance, FreeBSD with unicode enabled. * Fix several compiler warnings "array subscript has type 'char'", by casting the arguments to unsigned char. * Split error messages for ENOENT and EINVAL into new function. * Avoid divison by zero in robx computation by checking if there are at least one ham message and one spam message registered. * contrib/spamitarium.pl updated to version 0.4.0 * Updated and integrated Ted Phelps's "Patch to prevent .ENCODING from being discarded by bogoutil -m" (SourceForge Patch #1743984). - remove call to suse_update_config (very old work around) - Remove redundant tags/sections from specfile - Use %_smp_mflags for parallel build

 

Patch

Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4/standard/i586/patchinfo.28: zypper in -t patch 2012-21 To bring your system up-to-date, use "zypper patch".


Package List

- openSUSE 11.4/standard/i586/patchinfo.28 (i586 x86_64): bogofilter-1.2.3-12.1 bogofilter-debuginfo-1.2.3-12.1 bogofilter-debugsource-1.2.3-12.1


References

https://www.suse.com/security/cve/CVE-2010-2494.html https://bugzilla.novell.com/792939--


Severity
Announcement ID: openSUSE-SU-2013:0166-1
Rating: important
Affected Products: openSUSE 11.4/standard/i586/patchinfo.28

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved