Synopsis:          Important: procmail security update
Advisory ID:       SLSA-2014:1172-1
Issue Date:        2014-09-10
CVE Numbers:       CVE-2014-3618
--

A heap-based buffer overflow flaw was found in procmail's formail utility.
A remote attacker could send an email with specially crafted headers that,
when processed by formail, could cause procmail to crash or, possibly,
execute arbitrary code as the user running formail. (CVE-2014-3618)
--

SL5
  x86_64
    procmail-3.22-17.1.2.x86_64.rpm
    procmail-debuginfo-3.22-17.1.2.x86_64.rpm
  i386
    procmail-3.22-17.1.2.i386.rpm
    procmail-debuginfo-3.22-17.1.2.i386.rpm
SL6
  x86_64
    procmail-3.22-25.1.el6_5.1.x86_64.rpm
    procmail-debuginfo-3.22-25.1.el6_5.1.x86_64.rpm
  i386
    procmail-3.22-25.1.el6_5.1.i686.rpm
    procmail-debuginfo-3.22-25.1.el6_5.1.i686.rpm

- Scientific Linux Development Team