Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 584
Alerts This Week
Warning Icon 1 584

Scientific Linux: 2014-1172-1 Critical: procmail Buffer Overflow Issue

Scientific Large Esm H446
Important: procmail security update
Date: Wed, 10 Sep 2014 14:28:41 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: procmail on SL5.x, SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Important: procmail security update
Advisory ID: SLSA-2014:1172-1
Issue Date: 2014-09-10
CVE Numbers: CVE-2014-3618
--

A heap-based buffer overflow flaw was found in procmail's formail utility.
A remote attacker could send an email with specially crafted headers that,
when processed by formail, could cause procmail to crash or, possibly,
execute arbitrary code as the user running formail. (CVE-2014-3618)
--

SL5
 x86_64
 procmail-3.22-17.1.2.x86_64.rpm
 procmail-debuginfo-3.22-17.1.2.x86_64.rpm
 i386
 procmail-3.22-17.1.2.i386.rpm
 procmail-debuginfo-3.22-17.1.2.i386.rpm
SL6
 x86_64
 procmail-3.22-25.1.el6_5.1.x86_64.rpm
 procmail-debuginfo-3.22-25.1.el6_5.1.x86_64.rpm
 i386
 procmail-3.22-25.1.el6_5.1.i686.rpm
 procmail-debuginfo-3.22-25.1.el6_5.1.i686.rpm

- Scientific Linux Development Team