openSUSE Security Update : claws-mail (openSUSE-SU-2014:1291-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

- Update to version 3.10.1(bnc#870858) :

+ Add an account preference to allow automatically
accepting unknown and changed SSL certificates, if
they're valid (that is, if the root CA is trusted by the
distro).

+ RFE 3196, 'When changing quicksearch Search Type, set
focus to search input box'.

+ PGP/Core plugin: Generate 2048 bit RSA keys.

+ Major code cleanup.

+ Extended claws-mail.desktop with Compose and Receive
actions.

+ Fix GConf use with newer Glib.

+ Fix the race fix, now preventing the compose window to
be closed.

+ Fix 'File (null) doesn't exist' error dialog, when
attaching a non-existing file via --attach

+ Fix spacing in Folderview if the font is far from the
system font.

+ RSSyl :

- When parsing RSS 2.0, ignore tags with a namespace
prefix.

- Check for existence of xmlNode namespace, to prevent
NULL pointer crashes.

+ Bugs fixed: claws#2728, claws#2981, claws#3170,
claws#3179, claws#3201, deb#730050.

+ Updated translations.

- Drop
claws-mail-3.10.0_uninitialized_variable_git51af19b.patc
h as fixed upstream.

This also fixes CVE-2014-2576.

See also :

http://lists.opensuse.org/opensuse-updates/2014-10/msg00015.html

Solution :

Update the affected claws-mail packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 78452 ()

Bugtraq ID:

CVE ID: CVE-2014-2576

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now