Upstream information

CVE-2010-2494 at MITRE

Description

Multiple buffer underflows in the base64 decoder in base64.c in (1) bogofilter and (2) bogolexer in bogofilter before 1.2.2 allow remote attackers to cause a denial of service (heap memory corruption and application crash) via an e-mail message with invalid base64 data that begins with an = (equals) character.

SUSE information

CVSS v2 Scores (National Vulnerability Database)
  Base Score: 5
  Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
  Access Vector: Network
  Access Complexity: Low
  Authentication: None
  Confidentiality Impact: None
  Integrity Impact: None
  Availability Impact: Partial

This issue is currently rated as having moderate severity.

SUSE Bugzilla entry: 619847 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • bogofilter >= 1.2.4-3.56
Patchnames:
SUSE Linux Enterprise Desktop 12 GA bogofilter
SUSE Linux Enterprise Desktop 12 SP1
  • bogofilter >= 1.2.4-3.56
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA bogofilter
SUSE Linux Enterprise Desktop 12 SP2
  • bogofilter >= 1.2.4-5.3
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA bogofilter
SUSE Linux Enterprise Desktop 12 SP3
  • bogofilter >= 1.2.4-5.3
Patchnames:
SUSE Linux Enterprise Desktop 12 SP3 GA bogofilter
SUSE Linux Enterprise Workstation Extension 12
  • bogofilter >= 1.2.4-3.56
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 GA bogofilter
SUSE Linux Enterprise Workstation Extension 12 SP1
  • bogofilter >= 1.2.4-3.56
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP1 GA bogofilter
SUSE Linux Enterprise Workstation Extension 12 SP2
  • bogofilter >= 1.2.4-5.3
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP2 GA bogofilter
SUSE Linux Enterprise Workstation Extension 12 SP3
  • bogofilter >= 1.2.4-5.3
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP3 GA bogofilter
SUSE Linux Enterprise Desktop 11 SP1
  • bogofilter >= 1.1.1-174.20.1
sled11-sp1.x86-64
sled11-sp1.x86
SAT Patch Nr: 2666
SUSE Linux Enterprise Desktop 11 GA
  • bogofilter >= 1.1.1-174.20.1
sled11.x86-64
sled11.x86
SAT Patch Nr: 2665
openSUSE 11.1
  • bogofilter-debuginfo >= 1.1.1-174.18.1
  • bogofilter-debugsource >= 1.1.1-174.18.1
openSUSE 11.1
  • bogofilter >= 1.1.1-174.18.1
openSUSE 11.2
  • bogofilter-debuginfo >= 1.2.0-2.5.1
  • bogofilter-debugsource >= 1.2.0-2.5.1
openSUSE 11.2
  • bogofilter >= 1.2.0-2.5.1
openSUSE Leap 42.1
  • bogofilter-common >= 1.2.4-5.1
  • bogofilter-db >= 1.2.4-5.1
Patchnames:
openSUSE Leap 42.1 GA bogofilter-common
openSUSE Leap 42.2
  • bogofilter-common >= 1.2.4-6.4
  • bogofilter-db >= 1.2.4-6.4
Patchnames:
openSUSE Leap 42.2 GA bogofilter-common
openSUSE Leap 42.3
  • bogofilter-common >= 1.2.4-8.1
  • bogofilter-db >= 1.2.4-8.1
Patchnames:
openSUSE Leap 42.3 GA bogofilter-common
openSUSE Tumbleweed
  • bogofilter-common >= 1.2.4-9.6
  • bogofilter-db >= 1.2.4-9.6
  • bogofilter-doc >= 1.2.4-9.6
  • bogofilter-kyotocabinet >= 1.2.4-9.6
  • bogofilter-sqlite3 >= 1.2.4-9.6
Patchnames:
openSUSE Tumbleweed GA bogofilter-common

Overall state of this security issue: Resolved


Status of this issue by product and package

Product(s) Source package State
SUSE Linux Enterprise Desktop 11 GA bogofilter Released
SUSE Linux Enterprise Desktop 11 SP1 bogofilter Released
SUSE Linux Enterprise Desktop 11 SP2 bogofilter Released
SUSE Linux Enterprise Desktop 11 SP3 bogofilter Released
SUSE Linux Enterprise Desktop 11 SP4 bogofilter Released