openSUSE Security Update : claws-mail (openSUSE-SU-2014:1384-1) (POODLE)

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

Claws Mail was updated to version 3.11.0.

Changes :

+ SSLv3 server connections are now disabled by default, in
response to the POODLE vulnerability (CVE-2014-3566).

+ Several PGP/Core plugin improvements :

- Indicate when a key has been revoked or has expired when
displaying signature status.

- When displaying the full information, show the Validity,
and the Owner Trust level. Also indicate expired and
revoked keys, and revoked UIDs.

- The 'Content-Disposition: attachment' flag in PGP/MIME
signed messages has been removed. It was confusing for
cetain MUAs.

+ A new version of the RSSyl plugin, completely redesigned
and rewritten.

+ The results of TAB address completion in the Compose
window have improved ordering.

+ Due to popular demand, use of the Up key in the message
body in the Compose window stops at the top of the
message body and does not continue up to the header
fields. This reverts the behaviour introduced in version
3.10.0.

+ In the Compose window, when navigating with the arrow
keys, selecting, and thus modifying, the Account
selector is now prevented.

+ In the Compose window, a mnemonic (s) has been added to
the Subject line.

+ The Queue folder is highlighted if there are messages in
its sub-folders and the tree is collapsed.

+ When sorting messages by 'thread date', clicking the
'Date' column header will now toggle between
ascending/descending and will not switch to 'date'
sorting.

+ A new QuickSearch filter has been added that searches a
header's content only.

+ A Reply-To field has been added to the main Template
configuration.

+ The menubar can now be hidden, default hotkey: F12.

+ Fancy plugin: A user-controlled stylesheet can now be
used.

+ Python plugin: Add flag attributes to MessageInfo
object.

+ Python plugin: Make 'account' property of ComposeWindow
read/write.

+ Libravatar plugin: a network timeout option has been
added.

+ The tbird2claws.py script, for converting a Thunderbird
mailbox to a Claws Mail mailbox, now handles
sub-directory recursion.

+ Updated translations

See also :

http://lists.opensuse.org/opensuse-updates/2014-11/msg00030.html
https://bugzilla.opensuse.org/show_bug.cgi?id=903276

Solution :

Update the affected claws-mail packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

Family: SuSE Local Security Checks

Nessus Plugin ID: 79106 ()

Bugtraq ID:

CVE ID: CVE-2014-3566

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now