openSUSE: 2020:1822-1 Moderate: Claws-Mail Security Issue

November 3, 2020
Essential patch released for claws-mail on openSUSE, targeting security issues and improving overall performance.
An update that solves one vulnerability and has one errata is now available.

Description

This update for claws-mail fixes the following issues:

- Additional cleanup of the template handling

claws-mail was updated to 3.17.8 (boo#1177967)

* Shielded template's |program{} and |attach_program{} so that the command-line that is executed does not allow sequencing such as with && || ;, preventing possible execution of nasty, or at least unexpected, commands

* bug fixes: claws#4376

* updated English, French, and Spanish manuals

- Update to 3.17.7

* Image Viewer: Image attachments, when displayed, are now resized to fit the available width rather than the available height.

* -d is now an alias to --debug.

* Libravatar plugin: New styles supported: Robohash and Pagan.

* SpamAssassin plugin: The 'Maximum size' option now matches SpamAssassin's maximum; it can now handle messages up to 256MB.

* LiteHTML viewer plugin: The UI is now translatable.

Bug fixes:

* bug 4313, 'Recursion stack...
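The 3.17.8 entry above concerns command lines embedded in `|program{}` and `|attach_program{}` template directives. As an added example (not code from Claws Mail or from this advisory), the Python below audits template text for directives whose command contains the sequencing operators the advisory names; the function names, the brace-matching rule and the sample template are assumptions made for illustration.

```python
import re

# The two template directives named in the advisory; each runs its body as a command.
DIRECTIVE = re.compile(r"\|(program|attach_program)\{")

def directive_bodies(template):
    """Yield (directive, command) pairs. Brace-depth matching is an assumption."""
    for m in DIRECTIVE.finditer(template):
        depth, start = 1, m.end()
        for i in range(start, len(template)):
            if template[i] == "{":
                depth += 1
            elif template[i] == "}":
                depth -= 1
                if depth == 0:
                    yield m.group(1), template[start:i]
                    break

def sequencing_ops(command):
    """Return the &&, || and ; operators in command, in order of appearance.

    Quoting is deliberately ignored: an audit should over-report, not miss.
    A single | (pipe) is not in the advisory's list and is not flagged.
    """
    found, i = [], 0
    while i < len(command):
        if command[i:i + 2] in ("&&", "||"):
            found.append(command[i:i + 2])
            i += 2
        else:
            if command[i] == ";":
                found.append(";")
            i += 1
    return found

def audit(template):
    """Return (directive, command, operators) for each directive that sequences."""
    return [(d, c, ops) for d, c in directive_bodies(template)
            if (ops := sequencing_ops(c))]

# Constructed sample template, not taken from any real configuration.
SAMPLE = """Hello,
|program{fortune -s}
|attach_program{make-report; echo done}
|program{date +%F && echo done}
|program{ls | wc -l}
"""

if __name__ == "__main__":
    for directive, command, ops in audit(SAMPLE):
        print(f"{directive}: {command!r} uses {ops}")
```

Running `audit()` over existing templates before and after the update shows which ones relied on sequencing and may behave differently on 3.17.8.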


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2020-1822=1

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-1822=1

- openSUSE Backports SLE-15-SP2:

zypper in -t patch openSUSE-2020-1822=1

- openSUSE Backports SLE-15-SP1:

zypper in -t patch openSUSE-2020-1822=1

Package List

- openSUSE Leap 15.2 (noarch):

claws-mail-lang-3.17.8-lp152.3.6.1

- openSUSE Leap 15.2 (x86_64):

claws-mail-3.17.8-lp152.3.6.1

claws-mail-debuginfo-3.17.8-lp152.3.6.1

claws-mail-debugsource-3.17.8-lp152.3.6.1

claws-mail-devel-3.17.8-lp152.3.6.1

- openSUSE Leap 15.1 (x86_64):

claws-mail-3.17.8-lp151.2.6.1

claws-mail-debuginfo-3.17.8-lp151.2.6.1

claws-mail-debugsource-3.17.8-lp151.2.6.1

claws-mail-devel-3.17.8-lp151.2.6.1

- openSUSE Leap 15.1 (noarch):

claws-mail-lang-3.17.8-lp151.2.6.1

- openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64):

claws-mail-3.17.8-bp152.3.6.1

claws-mail-debuginfo-3.17.8-bp152.3.6.1

claws-mail-debugsource-3.17.8-bp152.3.6.1

claws-mail-devel-3.17.8-bp152.3.6.1

- openSUSE Backports SLE-15-SP2 (noarch):

claws-mail-lang-3.17.8-bp152.3.6.1

- openSUSE Backports SLE-15-SP1 (x86_64):

claws-mail-3.17.8-bp151.3.6.1

claws-mail-devel-3.17.8-bp151.3.6.1

- openSUSE Backports SLE-15-SP1 (noarch):

claws-mail-lang-3.17.8-bp151.3.6.1

References

https://www.suse.com/security/cve/CVE-2020-15917.html

https://bugzilla.suse.com/1157594

https://bugzilla.suse.com/1177967

--

Announcement ID: openSUSE-SU-2020:1822-1
Rating: moderate
Affected Products: openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Backports SLE-15-SP2, openSUSE Backports SLE-15-SP1
