MGASA-2021-0408 - Updated sylpheed and claws-mail packages fix security vulnerability

Publication date: 15 Aug 2021
URL: https://advisories.mageia.org/MGASA-2021-0408.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-37746

Updated sylpheed and claws-mail packages fix security vulnerability:

The textview_uri_security_check() function in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click (CVE-2021-37746).

References:
- https://bugs.mageia.org/show_bug.cgi?id=29356
- https://lists.fedoraproject.org/archives/list/

Updated package.

Debian Security Advisory DSA 906-1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200511-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Sylpheed, Sylpheed-Claws: Buffer overflow in LDIF importer
      Date: November 15, 2005
      Bugs: #111853
        ID: 200511-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Sylpheed and Sylpheed-Claws contain a buffer overflow vulnerability which may lead to the execution of arbitrary code.

Background
==========

Sylpheed is a lightweight email client and newsreader. Sylpheed-Claws is a 'bleeding edge' version of Sylpheed. They both support the import of address books in LDIF (Lightweight Directory Interchange Format).

Affected packages
=================

    -------------------------------------------------------------------
     Package                      /  Vulnerable  /          Unaffected
    -------------------------------------------------------------------
  1  mail-client/sylpheed              < 2.0.4                >= 2.0.4
  2  mail-client/sylpheed-claws       < 1.0.5-r1           >= 1.0.5-r1
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Colin Leroy reported buffer overflow vulnerabilities in Sylpheed and Sylpheed-Claws. The LDIF importer uses a fixed length buffer to store data of variable length. Two similar problems exist also in the Mutt and Pine addressbook importers of Sylpheed-Claws.

Impact
======

By convincing a user to import a specially-crafted LDIF file into the address book, a remote attacker could cause the program to crash, potentially allowing the execution of arbitrary code with the privileges of the user running the software.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Sylpheed users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-client/sylpheed-2.0.4"

All Sylpheed-Claws users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-client/sylpheed-claws-1.0.5-r1"

References
==========

  [ 1 ] CVE-2005-3354

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/200511-13

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to

Updated package.

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-263
2005-03-29
---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : sylpheed
Version     : 1.0.4
Release     : 0.fc2
Summary     : A GTK+ based, lightweight, and fast email client.
Description :
This program is an X based fast email client which has features like:
  o user-friendly and intuitive interface
  o integrated NetNews client (partially implemented)
  o ability of keyboard-only operation
  o Mew/Wanderlust-like key bind
  o multipart MIME
  o unlimited multiple account handling
  o message queueing
  o assortment function
  o XML-based address book

See /usr/share/doc/sylpheed*/README for more information.

---------------------------------------------------------------------

* Mon Mar 28 2005 Warren Togami - 1.0.4-0.fc2

- 1.0.4 fixes another buffer overflow

---------------------------------------------------------------------
This update can be downloaded from:

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.

---------------------------------------------------------------------
fedora-announce-list mailing list

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200503-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Sylpheed, Sylpheed-claws: Message reply overflow
      Date: March 20, 2005
      Bugs: #84056
        ID: 200503-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Sylpheed and Sylpheed-claws contain a vulnerability that can be triggered when replying to specially crafted messages.

Background
==========

Sylpheed is a lightweight email client and newsreader. Sylpheed-claws is a 'bleeding edge' version of Sylpheed.

Affected packages
=================

    -------------------------------------------------------------------
     Package                      /  Vulnerable  /          Unaffected
    -------------------------------------------------------------------
  1  mail-client/sylpheed              < 1.0.3                >= 1.0.3
  2  mail-client/sylpheed-claws        < 1.0.3                >= 1.0.3
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Sylpheed and Sylpheed-claws fail to properly handle non-ASCII characters in email headers when composing reply messages.

Impact
======

An attacker can send an email containing a malicious non-ASCII header which, when replied to, would cause the program to crash, potentially allowing the execution of arbitrary code with the privileges of the user running the software.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Sylpheed users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-client/sylpheed-1.0.3"

All Sylpheed-claws users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-client/sylpheed-claws-1.0.3"

References
==========

  [ 1 ] Sylpheed ChangeLog
  [ 2 ] CAN-2005-0667
        https://www.cve.org/CVERecord?id=CVE-CAN-2005-0667

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/200503-26

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: sylpheed security update
Advisory ID:       RHSA-2005:303-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2005:303.html
Issue date:        2005-03-18
Updated on:        2005-03-18
Product:           Red Hat Enterprise Linux
Keywords:          buffer overflow
CVE Names:         CAN-2005-0667
---------------------------------------------------------------------

1. Summary:

An updated sylpheed package that fixes a buffer overflow issue is now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

Sylpheed is a GTK+ based fast email client.

A buffer overflow bug has been found in the way Sylpheed handles non-ASCII characters in the header of a message to which a victim replies. A carefully crafted email message could potentially allow an attacker to execute arbitrary code on a victim's machine if they reply to such a message. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0667 to this issue.

Users of Sylpheed should upgrade to this updated package, which contains a backported patch, and is not vulnerable to this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages.

To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

150687 - CAN-2005-0667 sylpheed buffer overflow

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://www.cve.org/CVERecord?id=CVE-CAN-2005-0667

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

The advisory from Red Hat highlights a serious security vulnerability relating to buffer overflow in sylpheed, urging users to apply necessary updates promptly.

Severity: Important.

LinuxSecurity.com Team

Updated package.

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-224
2005-03-17
---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : sylpheed
Version     : 1.0.3
Release     : 0.FC2
Summary     : A GTK+ based, lightweight, and fast email client.
Description :
This program is an X based fast email client which has features like:
  o user-friendly and intuitive interface
  o integrated NetNews client (partially implemented)
  o ability of keyboard-only operation
  o Mew/Wanderlust-like key bind
  o multipart MIME
  o unlimited multiple account handling
  o message queueing
  o assortment function
  o XML-based address book

See /usr/share/doc/sylpheed*/README for more information.

---------------------------------------------------------------------

* Thu Mar 17 2005 Akira TAGOH - 1.0.3-0.FC2

- New upstream release.
  - contains the possible buffer overflow issue. CAN-2005-0667

---------------------------------------------------------------------
This update can be downloaded from:

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.

---------------------------------------------------------------------
fedora-announce-list mailing list

Updated package.

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-211
2005-03-15
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : sylpheed
Version     : 1.0.3
Release     : 0.FC3
Summary     : A GTK+ based, lightweight, and fast email client.
Description :
This program is an X based fast email client which has features like:
  o user-friendly and intuitive interface
  o integrated NetNews client (partially implemented)
  o ability of keyboard-only operation
  o Mew/Wanderlust-like key bind
  o multipart MIME
  o unlimited multiple account handling
  o message queueing
  o assortment function
  o XML-based address book

See /usr/share/doc/sylpheed*/README for more information.

---------------------------------------------------------------------

* Tue Mar 15 2005 Akira TAGOH - 1.0.3-0.FC3

- New upstream release.
  - contains the possible buffer overflow issue. (#150688) CAN-2005-0667

---------------------------------------------------------------------
This update can be downloaded from:

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.

---------------------------------------------------------------------
fedora-announce-list mailing list