Upstream information

CVE-2010-2494 at MITRE

Description

Multiple buffer underflows in the base64 decoder in base64.c in (1) bogofilter and (2) bogolexer in bogofilter before 1.2.2 allow remote attackers to cause a denial of service (heap memory corruption and application crash) via an e-mail message with invalid base64 data that begins with an = (equals) character.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 4.96
Vector AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial
SUSE Bugzilla entry: 619847 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • bogofilter >= 1.2.4-3.56
Patchnames:
SUSE Linux Enterprise Desktop 12 GA bogofilter
SUSE Linux Enterprise Desktop 12 SP1
  • bogofilter >= 1.2.4-3.56
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA bogofilter
SUSE Linux Enterprise Desktop 12 SP2
  • bogofilter >= 1.2.4-5.3
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA bogofilter
SUSE Linux Enterprise Workstation Extension 12
  • bogofilter >= 1.2.4-3.56
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 GA bogofilter
SUSE Linux Enterprise Workstation Extension 12 SP1
  • bogofilter >= 1.2.4-3.56
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP1 GA bogofilter
SUSE Linux Enterprise Workstation Extension 12 SP2
  • bogofilter >= 1.2.4-5.3
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP2 GA bogofilter
SUSE Linux Enterprise Desktop 11 SP1
  • bogofilter >= 1.1.1-174.20.1
sled11-sp1.x86-64
sled11-sp1.x86
SAT Patch Nr: 2666
SUSE Linux Enterprise Desktop 11 GA
  • bogofilter >= 1.1.1-174.20.1
sled11.x86-64
sled11.x86
SAT Patch Nr: 2665
openSUSE 11.1
  • bogofilter-debuginfo >= 1.1.1-174.18.1
  • bogofilter-debugsource >= 1.1.1-174.18.1
openSUSE 11.1
  • bogofilter >= 1.1.1-174.18.1
openSUSE 11.2
  • bogofilter-debuginfo >= 1.2.0-2.5.1
  • bogofilter-debugsource >= 1.2.0-2.5.1
openSUSE 11.2
  • bogofilter >= 1.2.0-2.5.1
openSUSE 13.2
  • bogofilter >= 1.2.4-4.1.2
Patchnames:
openSUSE 13.2 GA bogofilter
openSUSE Evergreen 11.4
  • bogofilter >= 1.2.3-12.1
  • bogofilter-debuginfo >= 1.2.3-12.1
  • bogofilter-debugsource >= 1.2.3-12.1
Patchnames:
2012-21
openSUSE Leap 42.1
  • bogofilter-common >= 1.2.4-5.1
  • bogofilter-db >= 1.2.4-5.1
Patchnames:
openSUSE Leap 42.1 GA bogofilter-common
openSUSE Leap 42.2
  • bogofilter-common >= 1.2.4-6.4
  • bogofilter-db >= 1.2.4-6.4
Patchnames:
openSUSE Leap 42.2 GA bogofilter-common
openSUSE Tumbleweed
  • bogofilter-common >= 1.2.4-9.6
  • bogofilter-db >= 1.2.4-9.6
  • bogofilter-doc >= 1.2.4-9.6
  • bogofilter-kyotocabinet >= 1.2.4-9.6
  • bogofilter-sqlite3 >= 1.2.4-9.6
Patchnames:
openSUSE Tumbleweed GA bogofilter-common