• info
• discussion
• exploit
• solution
• references

Sylpheed MIME-Encoded Attachment Name Buffer Overflow Vulnerability

Solution:
This issue has been addressed in Sylpheed 1.0.4 and 1.9.5.

Fedora has released advisories and fixes for Fedora Core 2 and Core 3.

Upgrades are available for users of Gentoo Linux:

All Sylpheed users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/sylpheed-1.0.4"

All Sylpheed-claws users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/sylpheed-claws-1.0.4"

For more information, please see the referenced Gentoo Linux advisory.

TurboLinux has released advisory TLSA-2005-44 along with fixes dealing with this issue. Please see the referenced advisory for more information.


Red Hat Fedora Core2

• Fedora sylpheed-1.0.4-0.fc2.i386.rpm
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/i386 /sylpheed-1.0.4-0.fc2.i386.rpm


• Fedora sylpheed-1.0.4-0.fc2.x86_64.rpm
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/x86_ 64/sylpheed-1.0.4-0.fc2.x86_64.rpm


• Fedora sylpheed-debuginfo-1.0.4-0.fc2.i386.rpm
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/i386 /debug/sylpheed-debuginfo-1.0.4-0.fc2.i386.rpm


• Fedora sylpheed-debuginfo-1.0.4-0.fc2.x86_64.rpm
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/x86_ 64/debug/sylpheed-debuginfo-1.0.4-0.fc2.x86_64.rpm

Red Hat Fedora Core3

• Fedora sylpheed-1.0.4-0.fc3.i386.rpm
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386 /sylpheed-1.0.4-0.fc3.i386.rpm


• Fedora sylpheed-1.0.4-0.fc3.x86_64.rpm
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/x86_ 64/sylpheed-1.0.4-0.fc3.x86_64.rpm


• Fedora sylpheed-debuginfo-1.0.4-0.fc3.i386.rpm
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386 /debug/sylpheed-debuginfo-1.0.4-0.fc3.i386.rpm


• Fedora sylpheed-debuginfo-1.0.4-0.fc3.x86_64.rpm
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/x86_ 64/debug/sylpheed-debuginfo-1.0.4-0.fc3.x86_64.rpm

Sylpheed Sylpheed 0.8

• Sylpheed sylpheed-1.0.4.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.4.tar.gz

Sylpheed Sylpheed 0.8.11

• Sylpheed sylpheed-1.0.4.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.4.tar.gz

Sylpheed Sylpheed 0.9.10

• Sylpheed sylpheed-1.0.4.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.4.tar.gz

Sylpheed Sylpheed 0.9.11

• Sylpheed sylpheed-1.0.4.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.4.tar.gz

Sylpheed Sylpheed 0.9.12

• Sylpheed sylpheed-1.0.4.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.4.tar.gz

Sylpheed Sylpheed 0.9.4

• Sylpheed sylpheed-1.0.4.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.4.tar.gz

Sylpheed Sylpheed 0.9.5

• Sylpheed sylpheed-1.0.4.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.4.tar.gz

Sylpheed Sylpheed 0.9.6

• Sylpheed sylpheed-1.0.4.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.4.tar.gz

Sylpheed Sylpheed 0.9.7

• Sylpheed sylpheed-1.0.4.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.4.tar.gz

Sylpheed Sylpheed 0.9.8

• Sylpheed sylpheed-1.0.4.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.4.tar.gz

Sylpheed Sylpheed 0.9.9

• Sylpheed sylpheed-1.0.4.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.4.tar.gz

Sylpheed Sylpheed 0.9.99

• Sylpheed sylpheed-1.0.4.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.4.tar.gz

Sylpheed Sylpheed 1.0 .0

• Sylpheed sylpheed-1.0.4.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.4.tar.gz

Sylpheed Sylpheed 1.0.1

• Sylpheed sylpheed-1.0.4.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.4.tar.gz

Sylpheed Sylpheed 1.0.2

• Sylpheed sylpheed-1.0.4.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.4.tar.gz

Sylpheed Sylpheed 1.0.3

• Sylpheed sylpheed-1.0.4.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.4.tar.gz

Sylpheed Sylpheed 1.9

• Sylpheed sylpheed-1.9.5.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.9/sylpheed-1.9.5.tar.gz

Sylpheed Sylpheed 1.9.1

• Sylpheed sylpheed-1.9.5.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.9/sylpheed-1.9.5.tar.gz

Sylpheed Sylpheed 1.9.2

• Sylpheed sylpheed-1.9.5.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.9/sylpheed-1.9.5.tar.gz

Sylpheed Sylpheed 1.9.3

• Sylpheed sylpheed-1.9.5.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.9/sylpheed-1.9.5.tar.gz

Sylpheed Sylpheed 1.9.4

• Sylpheed sylpheed-1.9.5.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.9/sylpheed-1.9.5.tar.gz