openSUSE Security Update : claws-mail (openSUSE-SU-2014:1291-1)

Medium Nessus Plugin ID 78452


The remote openSUSE host is missing a security update.


- Update to version 3.10.1(bnc#870858) :

+ Add an account preference to allow automatically accepting unknown and changed SSL certificates, if they're valid (that is, if the root CA is trusted by the distro).

+ RFE 3196, 'When changing quicksearch Search Type, set focus to search input box'.

+ PGP/Core plugin: Generate 2048 bit RSA keys.

+ Major code cleanup.

+ Extended claws-mail.desktop with Compose and Receive actions.

+ Fix GConf use with newer Glib.

+ Fix the race fix, now preventing the compose window to be closed.

+ Fix 'File (null) doesn't exist' error dialog, when attaching a non-existing file via --attach

+ Fix spacing in Folderview if the font is far from the system font.

+ RSSyl :

- When parsing RSS 2.0, ignore tags with a namespace prefix.

- Check for existence of xmlNode namespace, to prevent NULL pointer crashes.

+ Bugs fixed: claws#2728, claws#2981, claws#3170, claws#3179, claws#3201, deb#730050.

+ Updated translations.

- Drop claws-mail-3.10.0_uninitialized_variable_git51af19b.patc h as fixed upstream.

This also fixes CVE-2014-2576.


Update the affected claws-mail packages.

See Also

Plugin Details

Severity: Medium

ID: 78452

File Name: openSUSE-2014-587.nasl

Version: $Revision: 1.2 $

Type: local

Agent: unix

Published: 2014/10/15

Modified: 2014/10/24

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:claws-mail, p-cpe:/a:novell:opensuse:claws-mail-debuginfo, p-cpe:/a:novell:opensuse:claws-mail-debugsource, p-cpe:/a:novell:opensuse:claws-mail-devel, p-cpe:/a:novell:opensuse:claws-mail-lang, cpe:/o:novell:opensuse:12.3, cpe:/o:novell:opensuse:13.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2014/10/06

Reference Information

CVE: CVE-2014-2576