Updated claws-mail packages fix security vulnerability
Publication date: 19 Dec 2014Modification date: 19 Dec 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2010-5109
Description
Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF
Stream Reader allows remote attackers to cause a denial of service (crash)
via a crafted TNEF file, which triggers a buffer overflow (CVE-2010-5109).
The claws-mail package contains an embedded copf of libytnef, which has been
patched to fix this issue.
References
- https://bugs.mageia.org/show_bug.cgi?id=14743
- http://sourceforge.net/tracker/?func=detail&aid=2949686&group_id=70352&atid=527487
- http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083853.html
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771360
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5109
SRPMS
4/core
- claws-mail-3.11.1-1.1.mga4