SCIENTIFIC-LINUX-ERRATA Archives

September 2014

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

Subject:
From: Pat Riehecky <[log in to unmask]>
Reply To:
Date: Wed, 10 Sep 2014 14:28:41 +0000
Content-Type: text/plain
Parts/Attachments: text/plain (29 lines)

Synopsis:          Important: procmail security update
Advisory ID:       SLSA-2014:1172-1
Issue Date:        2014-09-10
CVE Numbers:       CVE-2014-3618
--

A heap-based buffer overflow flaw was found in procmail's formail utility.
A remote attacker could send an email with specially crafted headers that,
when processed by formail, could cause procmail to crash or, possibly,
execute arbitrary code as the user running formail. (CVE-2014-3618)
--

SL5
  x86_64
    procmail-3.22-17.1.2.x86_64.rpm
    procmail-debuginfo-3.22-17.1.2.x86_64.rpm
  i386
    procmail-3.22-17.1.2.i386.rpm
    procmail-debuginfo-3.22-17.1.2.i386.rpm
SL6
  x86_64
    procmail-3.22-25.1.el6_5.1.x86_64.rpm
    procmail-debuginfo-3.22-25.1.el6_5.1.x86_64.rpm
  i386
    procmail-3.22-25.1.el6_5.1.i686.rpm
    procmail-debuginfo-3.22-25.1.el6_5.1.i686.rpm

- Scientific Linux Development Team
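
A fleet check against the builds listed above, as an added example that is not part of the advisory or of Scientific Linux tooling. It assumes each installed build string was collected with `rpm -q --qf '%{VERSION}-%{RELEASE}\n' procmail`, uses a simplified form of RPM's version comparison, and the host names and installed builds in the sample inventory are constructed.

```python
import re

# Fixed procmail builds (VERSION-RELEASE) as listed in the advisory, keyed by SL major release.
FIXED = {5: "3.22-17.1.2", 6: "3.22-25.1.el6_5.1"}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Simplified RPM segment comparison (no epoch, '~' or '^' handling).
    Returns -1, 0 or 1 when a is older than, equal to, or newer than b."""
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() != y.isdigit():
            # A numeric segment is always newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)  # numeric compare, ignores leading zeros
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def compare_vr(a, b):
    """Compare two VERSION-RELEASE strings: version first, then release."""
    ver_a, _, rel_a = a.partition("-")
    ver_b, _, rel_b = b.partition("-")
    return rpmvercmp(ver_a, ver_b) or rpmvercmp(rel_a, rel_b)

def needs_update(installed_vr, sl_major):
    """True when the installed procmail build is older than the advisory's build."""
    return compare_vr(installed_vr, FIXED[sl_major]) < 0

if __name__ == "__main__":
    # Constructed sample inventory: (host, SL major release, installed VERSION-RELEASE).
    inventory = [
        ("mail01", 6, "3.22-25.1.el6"),
        ("mail02", 6, "3.22-25.1.el6_5.1"),
        ("relay05", 5, "3.22-17.1"),
        ("relay06", 5, "3.22-17.1.2"),
    ]
    for host, major, vr in inventory:
        state = "UPDATE NEEDED" if needs_update(vr, major) else "ok"
        print(f"{host} SL{major} procmail-{vr}: {state}")
```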
