GLSA-200503-26 : Sylpheed, Sylpheed-claws: Message reply overflow
Medium Nessus Plugin ID 17582
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-200503-26 (Sylpheed, Sylpheed-claws: Message reply overflow)
Sylpheed and Sylpheed-claws fail to properly handle non-ASCII characters in email headers when composing reply messages.
An attacker can send an email containing a malicious non-ASCII header which, when replied to, would cause the program to crash, potentially allowing the execution of arbitrary code with the privileges of the user running the software.
There is no known workaround at this time.
SolutionAll Sylpheed users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=mail-client/sylpheed-1.0.3' All Sylpheed-claws users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=mail-client/sylpheed-claws-1.0.3'