Alerts This Week
Warning Icon 1 535
Alerts This Week
Warning Icon 1 535

Slackware 14.1: 2016-062-01 Critical Mailx Shell Command Execution

slackware
Calendar Grey March 3, 2016
Dist Slackware Esm H88
Recent mailx updates made available for Slackware to resolve severe security vulnerabilities. Immediate upgrade is suggested for every system version.
New mailx packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues

Summary

Here are the details from the Slackware 14.1 ChangeLog: patches/packages/mailx-12.5-i486-2_slack14.1.txz: Rebuilt. Drop SSLv2 support (no longer supported by OpenSSL), and fix security issues that could allow a local attacker to cause mailx to execute arbitrary shell commands through the use of a specially-crafted email address. For more information, see: https://www.cve.org/CVERecord?id=CVE-2004-2771 https://www.cve.org/CVERecord?id=CVE-2014-7844 (* Security fix *)

Topics%20covered

Topics Covered

security advisory critical security fix Slackware local attack mailx shell command execution

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/mailx-12.5-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/mailx-12.5-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/mailx-12.5-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/mailx-12.5-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/mailx-12.5-i486-1_slack13.37.txz
Updated package for Slackware x86_64 1...

Read the Full Advisory

MD5 Signatures

Slackware 13.0 package: 38ee95ec8ed3dfdaf2f736e3e0e3fc39 mailx-12.5-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: 1df63fd2f328a10beca73a155b79ff3c mailx-12.5-x86_64-1_slack13.0.txz
Slackware 13.1 package: 7ed6abe0adf99fe6cc2a820ca7b4086d mailx-12.5-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: 991ac2b0121330bdb3ecd1f32f62d53c mailx-12.5-x86_64-1_slack13.1.txz
Slackware 13.37 package: 5f8ddb457a40ebbb5ea83b086c2ca964 mailx-12.5-i486-1_slack13.37.txz
Slackware x86_64 13.37 package: 9898bb8aa35e1c7ea21898aafe2de0e6 mailx-12.5-x86_64-1_slack13.37.txz
Slackware 14.0 package: 8a52d8cf54387eb6de3a00a90334694b mailx-12.5-i486-2_slack14.0.txz
Slackware x86_64 14.0 package: abe166a6d5e80195f6a07213ad0f89c9 mailx-12.5-x86_64-2_slack14.0.txz
Slackware 14.1 package: 39496e377649bc8c5ed75c15dc9d2505 mailx-12.5-i486-2_slack14.1.txz
Slackware x86_64 14.1 package: cded8a78db70f0e5208475c988b4facb mailx-12.5-x86_64-2_slack14.1.txz
Slackware -current package: 2c416a0e6e988dac27b99bb5eda67224 n/mailx-12.5-i586-2.txz
Slackware x86_64 -current package: 237538b03e07025f97eb21708fda82bc n/mailx-12.5-x86_64-2.txz

Severity
critical
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory critical security fix Slackware local attack mailx shell command execution

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg mailx-12.5-i486-2_slack14.1.txz

Related News

Your message here