openSUSE Security Update : claws-mail (openSUSE-SU-2014:1384-1) (POODLE)

low Nessus Plugin ID 79106

Synopsis

The remote openSUSE host is missing a security update.

Description

Claws Mail was updated to version 3.11.0.

Changes :

+ SSLv3 server connections are now disabled by default, in response to the POODLE vulnerability (CVE-2014-3566).

+ Several PGP/Core plugin improvements :

- Indicate when a key has been revoked or has expired when displaying signature status.

- When displaying the full information, show the Validity, and the Owner Trust level. Also indicate expired and revoked keys, and revoked UIDs.

- The 'Content-Disposition: attachment' flag in PGP/MIME signed messages has been removed. It was confusing for cetain MUAs.

+ A new version of the RSSyl plugin, completely redesigned and rewritten.

+ The results of TAB address completion in the Compose window have improved ordering.

+ Due to popular demand, use of the Up key in the message body in the Compose window stops at the top of the message body and does not continue up to the header fields. This reverts the behaviour introduced in version 3.10.0.

+ In the Compose window, when navigating with the arrow keys, selecting, and thus modifying, the Account selector is now prevented.

+ In the Compose window, a mnemonic (s) has been added to the Subject line.

+ The Queue folder is highlighted if there are messages in its sub-folders and the tree is collapsed.

+ When sorting messages by 'thread date', clicking the 'Date' column header will now toggle between ascending/descending and will not switch to 'date' sorting.

+ A new QuickSearch filter has been added that searches a header's content only.

+ A Reply-To field has been added to the main Template configuration.

+ The menubar can now be hidden, default hotkey: F12.

+ Fancy plugin: A user-controlled stylesheet can now be used.

+ Python plugin: Add flag attributes to MessageInfo object.

+ Python plugin: Make 'account' property of ComposeWindow read/write.

+ Libravatar plugin: a network timeout option has been added.

+ The tbird2claws.py script, for converting a Thunderbird mailbox to a Claws Mail mailbox, now handles sub-directory recursion.

+ Updated translations

Solution

Update the affected claws-mail packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=903276

https://lists.opensuse.org/opensuse-updates/2014-11/msg00030.html

Plugin Details

Severity: Low

ID: 79106

File Name: openSUSE-2014-640.nasl

Version: 1.12

Type: local

Agent: unix

Published: 11/11/2014

Updated: 6/28/2023

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.1

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Low

Base Score: 3.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:claws-mail, cpe:/o:novell:opensuse:13.2, p-cpe:/a:novell:opensuse:claws-mail-devel, p-cpe:/a:novell:opensuse:claws-mail-debuginfo, p-cpe:/a:novell:opensuse:claws-mail-debugsource, p-cpe:/a:novell:opensuse:claws-mail-lang

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/3/2014

Vulnerability Publication Date: 10/15/2014

Reference Information

CVE: CVE-2014-3566