openSUSE Security Update : claws-mail (openSUSE-SU-2014:1291-1)

medium Nessus Plugin ID 78452

Synopsis

The remote openSUSE host is missing a security update.

Description

- Update to version 3.10.1(bnc#870858) :

+ Add an account preference to allow automatically accepting unknown and changed SSL certificates, if they're valid (that is, if the root CA is trusted by the distro).

+ RFE 3196, 'When changing quicksearch Search Type, set focus to search input box'.

+ PGP/Core plugin: Generate 2048 bit RSA keys.

+ Major code cleanup.

+ Extended claws-mail.desktop with Compose and Receive actions.

+ Fix GConf use with newer Glib.

+ Fix the race fix, now preventing the compose window to be closed.

+ Fix 'File (null) doesn't exist' error dialog, when attaching a non-existing file via --attach

+ Fix spacing in Folderview if the font is far from the system font.

+ RSSyl :

- When parsing RSS 2.0, ignore tags with a namespace prefix.

- Check for existence of xmlNode namespace, to prevent NULL pointer crashes.

+ Bugs fixed: claws#2728, claws#2981, claws#3170, claws#3179, claws#3201, deb#730050.

+ Updated translations.

- Drop claws-mail-3.10.0_uninitialized_variable_git51af19b.patc h as fixed upstream.

This also fixes CVE-2014-2576.

Solution

Update the affected claws-mail packages.

See Also

https://lists.opensuse.org/opensuse-updates/2014-10/msg00015.html

Plugin Details

Severity: Medium

ID: 78452

File Name: openSUSE-2014-587.nasl

Version: 1.5

Type: local

Agent: unix

Published: 10/15/2014

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:claws-mail, p-cpe:/a:novell:opensuse:claws-mail-debuginfo, p-cpe:/a:novell:opensuse:claws-mail-debugsource, p-cpe:/a:novell:opensuse:claws-mail-devel, p-cpe:/a:novell:opensuse:claws-mail-lang, cpe:/o:novell:opensuse:12.3, cpe:/o:novell:opensuse:13.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 10/6/2014

Reference Information

CVE: CVE-2014-2576