A buffer overflow error in GMime might allow remote attackers to execute arbitrary code or cause a Denial of Service condition.
Package | dev-libs/gmime on all architectures |
---|---|
Affected versions | < 2.4.15 |
Unaffected versions | >= 2.4.15 revision >= 2.4.17 revision >= 2.2.26 |
GMime is a C/C++ library which may be used for the creation and parsing of messages using the Multipurpose Internet Mail Extension (MIME).
GMime contains a buffer overflow flaw in the GMIME_UUENCODE_LEN macro in gmime/gmime-encodings.h.
A context-dependent attacker could possibly execute arbitrary code or cause a Denial of Service condition.
There is no known workaround at this time.
GMime 2.4.x users on the PPC64 architecture should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/gmime-2.4.17"
GMime 2.4.x users on other architectures should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/gmime-2.4.15"
GMime 2.2.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/gmime-2.2.26"
Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.
Release date
January 21, 2014
Latest revision
January 21, 2014: 1
Severity
normal
Exploitable
local, remote
Bugzilla entries