
claws-mail: code execution

Package(s): claws-mail
CVE #(s): CVE-2015-8614
Created: December 23, 2015
Updated: February 17, 2016
Description: From the Arch Linux advisory:

A remotely triggerable buffer overflow has been found in the code of claws-mail handling character conversion, in functions conv_jistoeuc(), conv_euctojis() and conv_sjistoeuc(), in codeconv.c. There was no bounds checking on buffers passed to these functions, some stack-based but others potentially heap-based. This issue has been located in the wild and might currently be exploited.

A remote attacker might be able to execute arbitrary code on the affected host by sending a crafted e-mail to a claws-mail user.
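
An added example, not claws-mail's code or its patch: a simplified ISO-2022-JP (JIS) to EUC-JP converter in C that checks the output bound before every byte it writes, which is the kind of check the advisory says was missing. The function names and signature are hypothetical; half-width katakana are handled because each such input byte becomes two output bytes, so an output buffer sized to the input length is not sufficient.

```c
#include <stddef.h>

enum jis_mode { M_ASCII, M_X0208, M_KANA };

/* Append one byte only if room remains for it plus the terminating NUL. */
static int put(unsigned char *out, size_t outlen, size_t *n, unsigned char c)
{
    if (*n + 1 >= outlen)
        return -1;
    out[(*n)++] = c;
    return 0;
}

/* Hypothetical bounded ISO-2022-JP -> EUC-JP converter (simplified: no
 * JIS X 0212, no byte-range validation). Returns the number of bytes
 * written, or -1 if the output does not fit or the input is malformed. */
long jis_to_euc_bounded(unsigned char *out, size_t outlen,
                        const unsigned char *in, size_t inlen)
{
    enum jis_mode mode = M_ASCII;
    size_t i = 0, n = 0;

    if (outlen == 0)
        return -1;
    while (i < inlen) {
        if (in[i] == 0x1b) {                 /* ESC: character set switch */
            if (inlen - i < 3) return -1;    /* truncated escape sequence */
            if (in[i+1] == '$' && (in[i+2] == 'B' || in[i+2] == '@')) mode = M_X0208;
            else if (in[i+1] == '(' && in[i+2] == 'I') mode = M_KANA;
            else if (in[i+1] == '(' && (in[i+2] == 'B' || in[i+2] == 'J')) mode = M_ASCII;
            else return -1;
            i += 3;
        } else if (mode == M_X0208) {        /* 2 bytes in, 2 bytes out */
            if (inlen - i < 2) return -1;    /* truncated double-byte char */
            if (put(out, outlen, &n, in[i] | 0x80) ||
                put(out, outlen, &n, in[i+1] | 0x80)) return -1;
            i += 2;
        } else if (mode == M_KANA) {         /* 1 byte in, 2 out: SS2 + kana */
            if (put(out, outlen, &n, 0x8e) ||
                put(out, outlen, &n, in[i] | 0x80)) return -1;
            i += 1;
        } else {                             /* ASCII / JIS-Roman: copy */
            if (put(out, outlen, &n, in[i])) return -1;
            i += 1;
        }
    }
    out[n] = '\0';
    return (long)n;
}
```

On failure the output buffer holds a partial, unterminated result, so a caller should discard it rather than display it.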

Alerts:
Gentoo 201606-11 claws-mail 2016-06-26
Debian DSA-3452-1 claws-mail 2016-01-23
Debian-LTS DLA-383-1 claws-mail 2016-01-12
Mageia MGASA-2016-0008 claws-mail 2016-01-12
openSUSE openSUSE-SU-2016:0002-1 claws-mail 2016-01-02
Fedora FEDORA-2015-3a073171c3 claws-mail 2016-01-03
Fedora FEDORA-2015-aa14be8d92 claws-mail 2015-12-31
Arch Linux ASA-201512-13 claws-mail 2015-12-22
Mageia MGASA-2016-0067 claws-mail 2016-02-17
openSUSE openSUSE-SU-2016:0485-1 claws-mail 2016-02-17
openSUSE openSUSE-SU-2016:0479-1 claws-mail 2016-02-16



Copyright © 2025, Eklektix, Inc.