Technical Description

Fedora has released updated packages to correct a vulnerability identified in Sylpheed. This flaw is due to a stack overflow error in the "ldif_get_line()" [ldif.c] function that does not properly handle malformed LDIF files, which could be exploited by attackers to compromise a vulnerable system by convincing a user to import a specially crafted LDIF file into the address book. For additional information, see : VUPEN/ADV-2005-2360

Affected Products

Fedora Core 3

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

e2650f7db8fe097bab4e741e45dc323e SRPMS/sylpheed-1.0.6-0.fc3.src.rpm
8f4cd2960fef67aa18b29036811db680 x86_64/sylpheed-1.0.6-0.fc3.x86_64.rpm
42b730b3fb51ac25aaec49e76491213a x86_64/debug/sylpheed-debuginfo-1.0.6-0.fc3.x86_64.rpm
a82d20b3f251dc2d5eef8a2788bb6dfa i386/sylpheed-1.0.6-0.fc3.i386.rpm
54158d592e1af7b9315e1516ae784481 i386/debug/sylpheed-debuginfo-1.0.6-0.fc3.i386.rpm

References

http://www.vupen.com/english/advisories/2005/2363
http://www.redhat.com/archives/fedora-announce-list/2005-November/msg00025.html

ChangeLog

2005-11-09 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts with CVE, CWE, and CVSS when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.