openSUSE Security Update: update for bogofilter
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2013:0166-1
Rating:             important
References:         #792939 
Cross-References:   CVE-2010-2494
Affected Products:
                    openSUSE 11.4/standard/i586/patchinfo.28
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   - Update to version 1.2.3.
   * Update configure.ac to avoid autoconf 2.68 warnings, by
   (a) quoting the first AC_RUN_IFELSE argument, an
   AC_LANG_PROGRAM(), with [ ], and (b) providing an
   explicit "true" assumption for Berkeley DB capabilities
   to avoid cross-compilation warnings.
   * Security bugfix; (bnc#792939), Fix a heap corruption in
   base64 decoder on invalid input.
      2-01
   * Added bogofilter-faq-bg.html, a Bulgarian translation
   of the FAQ.
   * Mark "Berkeley DB 5.1.19: (August 27, 2010)" supported.
   - Update to version 1.2.2.
   * Use a better PRNG for random sleeps. That is
   arc4random() where available, and drand48() elsewhere.
   * Assorted fixes for issues found with clang analyzer:
   + Fix a potential NULL deference
   + Fix a potential division by zero
   + Remove dead assignments and increments
   * Update Doxyfile and source contrib/bogogrep.c for docs,
   too.
   * Security bugfix, CVE-2010-2494: Fix a heap corruption
   in base64 decoder on invalid input. Analysis and patch
   by Julius Plenz . Please
   see doc/bogofilter-SA-2010-01 for details.
   * Updated sendmail milter contrib/bogofilter-milter.pl to
   v1.??????
   * Bump supported/minimum SQLite3 versions and warning
   threshold. See doc/README.sqlite for details.
   * Mark BerkeleyDB 4.8.26 and 5.0.21 supported.
   * Make t.maint more robust; ignore .ENCODING token. To
   fix test failures on, for instance, FreeBSD with
   unicode enabled.
   * Fix several compiler warnings "array subscript has type
   'char'", by casting the arguments to unsigned char.
   * Split error messages for ENOENT and EINVAL into new
   function.
   * Avoid divison by zero in robx computation by checking
   if there are at least one ham message and one spam
   message registered.
   * contrib/spamitarium.pl updated to version 0.4.0
   * Updated and integrated Ted Phelps's "Patch to prevent
   .ENCODING from being discarded by bogoutil -m"
   (SourceForge Patch #1743984).
   - remove call to suse_update_config (very old work around)
   - Remove redundant tags/sections from specfile
   - Use %_smp_mflags for parallel build


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 11.4/standard/i586/patchinfo.28:

      zypper in -t patch 2012-21

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 11.4/standard/i586/patchinfo.28 (i586 x86_64):

      bogofilter-1.2.3-12.1
      bogofilter-debuginfo-1.2.3-12.1
      bogofilter-debugsource-1.2.3-12.1


References:

   https://www.suse.com/security/cve/CVE-2010-2494.html
   https://bugzilla.novell.com/792939

--

openSUSE: 2013:0166-1: important: bogofilter

January 23, 2013
An update that fixes one vulnerability is now available.

Description

- Update to version 1.2.3. * Update configure.ac to avoid autoconf 2.68 warnings, by (a) quoting the first AC_RUN_IFELSE argument, an AC_LANG_PROGRAM(), with [ ], and (b) providing an explicit "true" assumption for Berkeley DB capabilities to avoid cross-compilation warnings. * Security bugfix; (bnc#792939), Fix a heap corruption in base64 decoder on invalid input. 2-01 * Added bogofilter-faq-bg.html, a Bulgarian translation of the FAQ. * Mark "Berkeley DB 5.1.19: (August 27, 2010)" supported. - Update to version 1.2.2. * Use a better PRNG for random sleeps. That is arc4random() where available, and drand48() elsewhere. * Assorted fixes for issues found with clang analyzer: + Fix a potential NULL deference + Fix a potential division by zero + Remove dead assignments and increments * Update Doxyfile and source contrib/bogogrep.c for docs, too. * Security bugfix, CVE-2010-2494: Fix a heap corruption in base64 deco...

Read the Full Advisory

 

Patch

Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4/standard/i586/patchinfo.28: zypper in -t patch 2012-21 To bring your system up-to-date, use "zypper patch".


Package List

- openSUSE 11.4/standard/i586/patchinfo.28 (i586 x86_64): bogofilter-1.2.3-12.1 bogofilter-debuginfo-1.2.3-12.1 bogofilter-debugsource-1.2.3-12.1


References

https://www.suse.com/security/cve/CVE-2010-2494.html https://bugzilla.novell.com/792939--


Severity
Announcement ID: openSUSE-SU-2013:0166-1
Rating: important
Affected Products: openSUSE 11.4/standard/i586/patchinfo.28

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved