Test ID:	1.3.6.1.4.1.25623.1.1.1.2.2016.383
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DLA-383-1)
Summary:	The remote host is missing an update for the Debian 'claws-mail' package(s) announced via the DLA-383-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'claws-mail' package(s) announced via the DLA-383-1 advisory. Vulnerability Insight: 'DrWhax' of the Tails project reported that Claws Mail is missing range checks in some text conversion functions. A remote attacker could exploit this to run arbitrary code under the account of a user that receives a message from them using Claws Mail. CVE-2015-8614 There were no checks on the output length for conversions between JIS (ISO-2022-JP) and EUC-JP, between JIS and UTF-8, and from Shift_JIS to EUC-JP. CVE-2015-8708 The original fix for CVE-2015-8614 was incomplete. For the oldoldstable distribution (squeeze), these problems have been fixed in version 3.7.6-4+squeeze2. For the oldstable distribution (wheezy) and the stable distribution (jessie), this will be fixed soon. These versions were built with hardening features that make this issue harder to exploit. Affected Software/OS: 'claws-mail' package(s) on Debian 6. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-8614 Debian Security Information: DSA-3452 (Google Search) http://www.debian.org/security/2016/dsa-3452 https://security.gentoo.org/glsa/201606-11 http://www.openwall.com/lists/oss-security/2015/12/22/2 http://www.openwall.com/lists/oss-security/2015/12/21/10 SuSE Security Announcement: openSUSE-SU-2016:0002 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-01/msg00000.html
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.