Lucene search

K
redhatRedHatRHSA-2005:303
HistoryMar 18, 2005 - 12:00 a.m.

(RHSA-2005:303) sylpheed security update

2005-03-1800:00:00
access.redhat.com
10

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.055 Low

EPSS

Percentile

93.2%

Sylpheed is a GTK+ based fast email client.

A buffer overflow bug has been found in the way Sylpheed handles non-ASCII
characters in the header of a message to which a victim replies. A
carefully crafted email message could potentially allow an attacker to
execute arbitrary code on a victim’s machine if they reply to such a
message. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2005-0667 to this issue.

Users of Sylpheed should upgrade to this updated package, which contains a
backported patch, and is not vulnerable to this issue.

OSVersionArchitecturePackageVersionFilename
RedHatanyi386sylpheed<Β 0.5.0-3.EL21.1sylpheed-0.5.0-3.EL21.1.i386.rpm
RedHatanyia64sylpheed<Β 0.5.0-3.EL21.1sylpheed-0.5.0-3.EL21.1.ia64.rpm

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.055 Low

EPSS

Percentile

93.2%