Update to 3.17.7

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-1f60842034
2020-10-23 22:01:02.258401
--------------------------------------------------------------------------------
Name        : claws-mail
Product     : Fedora 33
Version     : 3.17.7
Release     : 1.fc33
URL         :
Summary     : Email client and news reader based on GTK+
Description :
Claws Mail is an email client (and news reader), based on GTK+, featuring quick
response, graceful and sophisticated interface, easy configuration, intuitive
operation, abundant features, and extensibility.
--------------------------------------------------------------------------------
Update Information:

Update to 3.17.7
--------------------------------------------------------------------------------
ChangeLog:

* Mon Sep 28 2020 Michael Schwendt - 3.17.7-1
- Update to 3.17.7. Also for CVE-2020-16094.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1861975 - CVE-2020-16094 claws-mail: malicious IMAP server can trigger stack consumption
        https://bugzilla.redhat.com/show_bug.cgi?id=1861975
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-1f60842034' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
MGASA-2020-0391 - Updated claws-mail packages fix a security vulnerability

Publication date: 21 Oct 2020
URL: https://advisories.mageia.org/MGASA-2020-0391.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-16094

In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP
server can trigger stack consumption because of unlimited recursion into
subdirectories during a rebuild of the folder tree (CVE-2020-16094).

References:
- https://bugs.mageia.org/show_bug.cgi?id=27427
- https://lists.fedoraproject.org/archives/list/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory GLSA 202007-56
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Claws Mail: Improper STARTTLS handling
      Date: July 28, 2020
      Bugs: #733684
        ID: 202007-56

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability was discovered in Claws Mail's STARTTLS handling,
possibly allowing an integrity/confidentiality compromise.

Background
==========

Claws Mail is a GTK based e-mail client.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  mail-client/claws-mail      < 3.17.6                  >= 3.17.6

Description
===========

It was discovered that Claws Mail was not properly handling state within
the STARTTLS protocol handshake.

Impact
======

There may be a breach of integrity or confidentiality in connections
made using Claws Mail with STARTTLS.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Claws Mail users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=mail-client/claws-mail-3.17.6"

References
==========

[ 1 ] CVE-2020-15917
      https://nvd.nist.gov/vuln/detail/CVE-2020-15917

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202007-56

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
Update from 3.13.1 to 3.13.2 for bug-fixes. Includes security fix for CVE-2015-8708.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-2ec7f779f2
2016-02-07 23:46:30.467251
--------------------------------------------------------------------------------
Name        : claws-mail
Product     : Fedora 23
Version     : 3.13.2
Release     : 1.fc23
URL         : https://claws-mail.org/
Summary     : Email client and news reader based on GTK+
Description :
Claws Mail is an email client (and news reader), based on GTK+, featuring quick
response, graceful and sophisticated interface, easy configuration, intuitive
operation, abundant features, and extensibility.
--------------------------------------------------------------------------------
Update Information:

Update from 3.13.1 to 3.13.2 for bug-fixes. Includes security fix for
CVE-2015-8708.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1295353 - CVE-2015-8708 claws-mail: Stack overflow in conv_euctojis()
        https://bugzilla.redhat.com/show_bug.cgi?id=1295353
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update claws-mail' at the command line. For more information,
refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3452-1

"DrWhax" of the Tails project reported that Claws Mail is missing range
checks in some text conversion functions. A remote attacker could exploit
this to run arbitrary code under the account of a user that receives a
message from them using Claws Mail.
Arch Linux Security Advisory ASA-201512-13
==========================================

Severity: High
Date    : 2015-12-22
CVE-ID  : CVE-2015-8614
Package : claws-mail
Type    : buffer overflow
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
=======

The package claws-mail before version 3.13.1-1 is vulnerable to a remotely
triggerable buffer overflow.

Resolution
==========

Upgrade to 3.13.1-1.

# pacman -Syu "claws-mail>=3.13.1-1"

The problem has been fixed upstream in version 3.13.1.

Workaround
==========

None.

Description
===========

A remotely triggerable buffer overflow has been found in the code of
claws-mail handling character conversion, in functions conv_jistoeuc(),
conv_euctojis() and conv_sjistoeuc(), in codeconv.c. There was no bounds
checking on buffers passed to these functions, some stack-based but other
potentially heap-based. This issue has been located in the wild and might
currently be exploited.

Impact
======

A remote attacker might be able to execute arbitrary code on the affected
host by sending a crafted e-mail to a claws-mail user.

References
==========

https://access.redhat.com/security/cve/CVE-2015-8614