Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Scientific Linux: 2014-1172-1 Critical: procmail Buffer Overflow Issue

Calendar Sep 10, 2014 User Avatar LinuxSecurity Advisories
1 - 2 min read
Scientific Large Esm H500
Topics%20covered

Topics Covered

security advisory buffer overflow critical important procmail SL5 SL6
Important: procmail security update 
Date: Wed, 10 Sep 2014 14:28:41 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: procmail on SL5.x, SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Important: procmail security update
Advisory ID: SLSA-2014:1172-1
Issue Date: 2014-09-10
CVE Numbers: CVE-2014-3618
--

A heap-based buffer overflow flaw was found in procmail's formail utility.
A remote attacker could send an email with specially crafted headers that,
when processed by formail, could cause procmail to crash or, possibly,
execute arbitrary code as the user running formail. (CVE-2014-3618)
--

SL5
 x86_64
 procmail-3.22-17.1.2.x86_64.rpm
 procmail-debuginfo-3.22-17.1.2.x86_64.rpm
 i386
 procmail-3.22-17.1.2.i386.rpm
 procmail-debuginfo-3.22-17.1.2.i386.rpm
SL6
 x86_64
 procmail-3.22-25.1.el6_5.1.x86_64.rpm
 procmail-debuginfo-3.22-25.1.el6_5.1.x86_64.rpm
 i386
 procmail-3.22-25.1.el6_5.1.i686.rpm
 procmail-debuginfo-3.22-25.1.el6_5.1.i686.rpm

- Scientific Linux Development Team
Your message here