bogofilter-common-1.2.4-9.6 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10502-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z bogofilter-common-1.2.4-9.6 on GA media These are all security issues fixed in the bogofilter-common-1.2.4-9.6 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10502 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2010-2494/ SUSE CVE CVE-2010-2494 page https://www.suse.com/security/cve/CVE-2012-5468/ SUSE CVE CVE-2012-5468 page openSUSE Tumbleweed bogofilter-common-1.2.4-9.6 bogofilter-db-1.2.4-9.6 bogofilter-doc-1.2.4-9.6 bogofilter-kyotocabinet-1.2.4-9.6 bogofilter-sqlite3-1.2.4-9.6 bogofilter-common-1.2.4-9.6 as a component of openSUSE Tumbleweed bogofilter-db-1.2.4-9.6 as a component of openSUSE Tumbleweed bogofilter-doc-1.2.4-9.6 as a component of openSUSE Tumbleweed bogofilter-kyotocabinet-1.2.4-9.6 as a component of openSUSE Tumbleweed bogofilter-sqlite3-1.2.4-9.6 as a component of openSUSE Tumbleweed Multiple buffer underflows in the base64 decoder in base64.c in (1) bogofilter and (2) bogolexer in bogofilter before 1.2.2 allow remote attackers to cause a denial of service (heap memory corruption and application crash) via an e-mail message with invalid base64 data that begins with an = (equals) character. CVE-2010-2494 openSUSE Tumbleweed:bogofilter-common-1.2.4-9.6 openSUSE Tumbleweed:bogofilter-db-1.2.4-9.6 openSUSE Tumbleweed:bogofilter-doc-1.2.4-9.6 openSUSE Tumbleweed:bogofilter-kyotocabinet-1.2.4-9.6 openSUSE Tumbleweed:bogofilter-sqlite3-1.2.4-9.6 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-2494.html CVE-2010-2494 https://bugzilla.suse.com/619847 SUSE Bug 619847 Heap-based buffer overflow in iconvert.c in the bogolexer component in Bogofilter before 1.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an email containing a base64 string that is decoded to incomplete multibyte characters. CVE-2012-5468 openSUSE Tumbleweed:bogofilter-common-1.2.4-9.6 openSUSE Tumbleweed:bogofilter-db-1.2.4-9.6 openSUSE Tumbleweed:bogofilter-doc-1.2.4-9.6 openSUSE Tumbleweed:bogofilter-kyotocabinet-1.2.4-9.6 openSUSE Tumbleweed:bogofilter-sqlite3-1.2.4-9.6 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-5468.html CVE-2012-5468 https://bugzilla.suse.com/792939 SUSE Bug 792939