Advisories » MGASA-2016-0008

Updated claws-mail packages fix security vulnerability

Publication date: 12 Jan 2016
Modification date: 12 Jan 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-8614

Description

no bounds checking on the output buffer in conv_jistoeuc, conv_euctojis,
conv_sjistoeuc

A Tails contributor found a vulnerability in claws-mail where in
codeconv.c a function for japanese character set conversion called
conv_jistoeuc() has no bounds checking on the output buffer which is
created on the stack with alloca() (CVE-2015-8614).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=17380
• http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557
• https://security-tracker.debian.org/tracker/CVE-2015-8614
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8614

SRPMS

5/core

• claws-mail-3.11.1-3.mga5