[SECURITY] [DSA 2585-1] bogofilter security update

2012-12-1118:27:11

lists.debian.org

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.179 Low

EPSS

Percentile

96.2%

JSON

Debian Security Advisory DSA-2585-1 [email protected]
http://www.debian.org/security/
December 11, 2012 http://www.debian.org/security/faq

Package : bogofilter
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-5468
Debian Bug : 695139

A heap-based buffer overflow was discovered in bogofilter, a software
package for classifying mail messages as spam or non-spam. Crafted
mail messages with invalid base64 data could lead to heap corruption
and, potentially, arbitrary code execution.

For the stable distribution (squeeze), this problem has been fixed in
version 1.2.2-2+squeeze1.

For the testing distribution (wheezy) and the unstable distribution
(sid), this problem has been fixed in version 1.2.2+dfsg1-2.

We recommend that you upgrade your bogofilter packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian6mipsbogofilter< 1.2.2-2+squeeze1bogofilter_1.2.2-2+squeeze1_mips.deb
Debian6powerpcbogofilter-sqlite< 1.2.2-2+squeeze1bogofilter-sqlite_1.2.2-2+squeeze1_powerpc.deb
Debian6kfreebsd-amd64bogofilter-bdb< 1.2.2-2+squeeze1bogofilter-bdb_1.2.2-2+squeeze1_kfreebsd-amd64.deb
Debian6sparcbogofilter-tokyocabinet< 1.2.2-2+squeeze1bogofilter-tokyocabinet_1.2.2-2+squeeze1_sparc.deb
Debian6powerpcbogofilter< 1.2.2-2+squeeze1bogofilter_1.2.2-2+squeeze1_powerpc.deb
Debian6armelbogofilter< 1.2.2-2+squeeze1bogofilter_1.2.2-2+squeeze1_armel.deb
Debian6allbogofilter-common< 1.2.2-2+squeeze1bogofilter-common_1.2.2-2+squeeze1_all.deb
Debian6powerpcbogofilter-tokyocabinet< 1.2.2-2+squeeze1bogofilter-tokyocabinet_1.2.2-2+squeeze1_powerpc.deb
Debian6s390bogofilter-bdb< 1.2.2-2+squeeze1bogofilter-bdb_1.2.2-2+squeeze1_s390.deb
Debian6kfreebsd-i386bogofilter-sqlite< 1.2.2-2+squeeze1bogofilter-sqlite_1.2.2-2+squeeze1_kfreebsd-i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	6	mips	bogofilter	< 1.2.2-2+squeeze1	bogofilter_1.2.2-2+squeeze1_mips.deb
Debian	6	powerpc	bogofilter-sqlite	< 1.2.2-2+squeeze1	bogofilter-sqlite_1.2.2-2+squeeze1_powerpc.deb
Debian	6	kfreebsd-amd64	bogofilter-bdb	< 1.2.2-2+squeeze1	bogofilter-bdb_1.2.2-2+squeeze1_kfreebsd-amd64.deb
Debian	6	sparc	bogofilter-tokyocabinet	< 1.2.2-2+squeeze1	bogofilter-tokyocabinet_1.2.2-2+squeeze1_sparc.deb
Debian	6	powerpc	bogofilter	< 1.2.2-2+squeeze1	bogofilter_1.2.2-2+squeeze1_powerpc.deb
Debian	6	armel	bogofilter	< 1.2.2-2+squeeze1	bogofilter_1.2.2-2+squeeze1_armel.deb
Debian	6	all	bogofilter-common	< 1.2.2-2+squeeze1	bogofilter-common_1.2.2-2+squeeze1_all.deb
Debian	6	powerpc	bogofilter-tokyocabinet	< 1.2.2-2+squeeze1	bogofilter-tokyocabinet_1.2.2-2+squeeze1_powerpc.deb
Debian	6	s390	bogofilter-bdb	< 1.2.2-2+squeeze1	bogofilter-bdb_1.2.2-2+squeeze1_s390.deb
Debian	6	kfreebsd-i386	bogofilter-sqlite	< 1.2.2-2+squeeze1	bogofilter-sqlite_1.2.2-2+squeeze1_kfreebsd-i386.deb