A heap-based buffer overflow flaw was found in the way bogolexer component of Bogofilter, fast anti-spam filtering tool by Bayesian statistical analysis, performed decoding of certain base64 strings. A remote attacker could provide a specially-crafted base64 code (decoding to incomplete multibyte characters) that, when processed, would lead to bogolexer executable crash or, potentially, arbitrary code execution with the privileges of the user running the binary. Upstream advisory: [1] http://bogofilter.sourceforge.net/security/bogofilter-SA-2012-01 References: [2] http://www.openwall.com/lists/oss-security/2012/12/03/13 Relevant upstream patch: [3] http://bogofilter.svn.sourceforge.net/viewvc/bogofilter?view=revision&revision=6973 Reproducer / regression test: [4] http://bogofilter.svn.sourceforge.net/viewvc/bogofilter?view=revision&revision=6975
This issue affects the versions of the bogofilter package, as shipped with Fedora release of 16 and 17. Please schedule an update. -- This issue affects the versions of the bogofilter package, as shipped with Fedora EPEL 5 and Fedora EPEL 6. Please schedule an update.
Created bogofilter tracking bugs for this issue Affects: fedora-all [bug 883359] Affects: epel-all [bug 883360]
bogofilter-1.2.3-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
bogofilter-1.2.3-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
bogofilter-1.2.3-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
bogofilter-1.2.3-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
bogofilter-1.2.3-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
Shouldn't this issue be closed?
Hello Red Hat Product Security, can this bug be closed? Both bugs this depends on have been closed. So it looks like this could also be closed.