Arch Linux Security Advisory ASA-201711-39
==========================================

Severity: Critical
Date    : 2017-11-30
CVE-ID  : CVE-2017-16844
Package : procmail
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-515

Summary
=======

The package procmail before version 3.22-9 is vulnerable to arbitrary code execution.

Resolution
==========

Upgrade to 3.22-9.

# pacman -Syu "procmail>=3.22-9"

The problem has been fixed upstream but no release is available yet.

Workaround
==========

None.

Description
===========

A heap-based buffer overflow flaw was found in the loadbuf function in formisc.c in the formail utility in procmail
Synopsis:     Important: procmail security update
Advisory ID:  SLSA-2017:3269-1
Issue Date:   2017-11-29
CVE Numbers:  CVE-2017-16844
--

Security Fix(es):

* A heap-based buffer overflow flaw was found in procmail's formail utility. A remote attacker could send a specially crafted email that, when processed by formail, could cause formail to crash or, possibly, execute arbitrary code as the user running formail. (CVE-2017-16844)
--

SL7
  x86_64
    procmail-3.22-36.el7_4.1.x86_64.rpm
    procmail-debuginfo-3.22-36.el7_4.1.x86_64.rpm

- Scientific Linux Development Team
CentOS Errata and Security Advisory 2017:3269 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2017:3269

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

x86_64:
4e789cc8cfc479b020b1977b28f46ae8a0ad75ded87505b170a045fb8cc84940  procmail-3.22-36.el7_4.1.x86_64.rpm

Source:
e8ee557c75d2725eeca4c67d9b59a58e55f3bdd4e56713dc0e32aa365d2f0117  procmail-3.22-36.el7_4.1.src.rpm

--
Johnny Hughes
CentOS Project { https://www.centos.org/ }
irc: hughesjr, #
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: procmail security update
Advisory ID:       RHSA-2017:3269-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:3269
Issue date:        2017-11-28
CVE Names:         CVE-2017-16844
====================================================================

1. Summary:

An update for procmail is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le

3. Description:

The procmail packages contain a mail processing tool that can be used to create mail servers, mailing lists, sort incoming mail into separate folders or files, preprocess mail, start any program upon mail arrival, or automatically forward selected incoming mail.

Security Fix(es):

* A heap-based buffer overflow flaw was found in procmail's formail utility. A remote attacker could send a specially crafted email that, when processed by formail, could cause formail to crash or, possibly, execute arbitrary code as the user running formail. (CVE-2017-16844)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1500070 - CVE-2017-16844 procmail: Heap-based buffer overflow in loadbuf function in formisc.c

6. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source:
procmail-3.22-36.el7_4.1.src.rpm

x86_64:
procmail-3.22-36.el7_4.1.x86_64.rpm
procmail-debuginfo-3.22-36.el7_4.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
procmail-3.22-36.el7_4.1.src.rpm

ppc64:
procmail-3.22-36.el7_4.1.ppc64.rpm
procmail-debuginfo-3.22-36.el7_4.1.ppc64.rpm

ppc64le:
procmail-3.22-36.el7_4.1.ppc64le.rpm
procmail-debuginfo-3.22-36.el7_4.1.ppc64le.rpm

s390x:
procmail-3.22-36.el7_4.1.s390x.rpm
procmail-debuginfo-3.22-36.el7_4.1.s390x.rpm

x86_64:
procmail-3.22-36.el7_4.1.x86_64.rpm
procmail-debuginfo-3.22-36.el7_4.1.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source:
procmail-3.22-36.el7_4.1.src.rpm

aarch64:
procmail-3.22-36.el7_4.1.aarch64.rpm
procmail-debuginfo-3.22-36.el7_4.1.aarch64.rpm

ppc64le:
procmail-3.22-36.el7_4.1.ppc64le.rpm
procmail-debuginfo-3.22-36.el7_4.1.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
procmail-3.22-36.el7_4.1.src.rpm

x86_64:
procmail-3.22-36.el7_4.1.x86_64.rpm
procmail-debuginfo-3.22-36.el7_4.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-16844
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFaHd0NXlSAg2UNWIIRAkX6AJ4pLQI+dx8Fm1xHehnwfPc8DMqwTwCeJvsK
PWKDWDmjXdT9z5q3RieVuGE=
=/ACr
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
=========================================================================
Ubuntu Security Notice USN-3483-2
November 21, 2017

procmail vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

formail could be made to crash or run programs if it processed specially crafted mail.

Software Description:
- procmail: Versatile e-mail processor

Details:

USN-3483-1 fixed a vulnerability in procmail. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

 Jakub Wilk discovered that the formail tool incorrectly handled certain malformed mail messages. An attacker could use this flaw to cause formail to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 ESM:
  procmail                        3.22-19ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-3483-2
  CVE-2017-16844
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4041-1

Jakub Wilk reported a heap-based buffer overflow vulnerability in procmail's formail utility when processing specially-crafted email headers. A remote attacker could use this flaw to cause formail to crash, resulting in a denial of service or data loss.
Hash: SHA256

Package        : procmail
Version        : 3.22-20+deb7u2
CVE ID         : CVE-2017-16844
Debian Bug     : #876511

It was discovered that there was a heap-based buffer overflow in procmail, a tool used to sort incoming mail into various directories and filter out spam messages.

For Debian 7 "Wheezy", this issue has been fixed in procmail version 3.22-20+deb7u2.

We recommend that you upgrade your procmail packages.

Regards,

- --
      ,''`.
     : :'  :     Chris Lamb
     `. `'`
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-36eb36ea71
2017-10-25 21:34:15.277848
--------------------------------------------------------------------------------

Name        : procmail
Product     : Fedora 26
Version     : 3.22
Release     : 44.fc26
URL         : http://www.procmail.org
Summary     : Mail processing program
Description :
Procmail can be used to create mail-servers, mailing lists, sort your incoming mail into separate folders/files (real convenient when subscribing to one or more mailing lists or for prioritising your mail), preprocess your mail, start any programs upon mail arrival (e.g. to generate different chimes on your workstation for different types of mail) or selectively forward certain incoming mail automatically to someone.
--------------------------------------------------------------------------------
Update Information:

This is a security update fixing a possible buffer overflow in the loadbuf function.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1500070 - procmail: Heap-based buffer overflow in loadbuf function in formisc.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1500070
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade procmail'
at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
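Each advisory above names the first fixed procmail build for its distribution: Arch 3.22-9, Red Hat Enterprise Linux / CentOS / Scientific Linux 7 3.22-36.el7_4.1, Ubuntu 12.04 ESM 3.22-19ubuntu0.2, Debian 7 3.22-20+deb7u2 and Fedora 26 3.22-44.fc26. The script below is an added example for checking a fleet inventory against those builds; it is not code from any of the distributions' advisories or from the procmail project. It assumes each inventory line is either `rpm -q procmail` output (`name-version-release.arch`) or the two-column form printed by `dpkg-query -W procmail` and `pacman -Q procmail` (`name<space>version`), and it uses a simplified rpmvercmp-style comparison that ignores epochs. The inventory entries are constructed sample data.

```python
"""Check installed procmail versions against the fixed builds named in the
CVE-2017-16844 advisories.  Added example, not distribution or procmail code."""
import re

# First fixed build per distribution, as stated in the advisories above.
FIXED_VERSIONS = {
    "arch": "3.22-9",
    "el7": "3.22-36.el7_4.1",            # RHEL 7, CentOS 7, Scientific Linux 7
    "ubuntu-12.04-esm": "3.22-19ubuntu0.2",
    "debian-7": "3.22-20+deb7u2",
    "fedora-26": "3.22-44.fc26",
}

# A version string is compared as a sequence of numeric runs, alphabetic runs
# and '~' markers; separators such as '.', '-', '_' and '+' are ignored.
_SEGMENT = re.compile(r"\d+|[A-Za-z]+|~")


def vercmp(a: str, b: str) -> int:
    """Simplified rpmvercmp-style comparison of two version-release strings.

    Returns -1, 0 or 1.  Numeric runs compare as integers, a numeric run beats
    an alphabetic run at the same position, '~' sorts before anything (so
    3.22-9~rc1 < 3.22-9), and when the shared prefix is equal the longer string
    is newer.  Epochs ("1:") are not handled; use rpmdev-vercmp or
    dpkg --compare-versions when the exact distribution rules matter.
    """
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for i in range(max(len(sa), len(sb))):
        x = sa[i] if i < len(sa) else None
        y = sb[i] if i < len(sb) else None
        if x == "~" or y == "~":
            if x != "~":
                return 1
            if y != "~":
                return -1
            continue
        if x is None:
            return -1
        if y is None:
            return 1
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return -1 if x < y else 1
    return 0


def installed_version(line: str) -> str:
    """Extract version-release from one inventory line.

    Accepts `rpm -q` output (procmail-3.22-36.el7_4.1.x86_64) or the
    two-column `dpkg-query -W` / `pacman -Q` form (procmail 3.22-20+deb7u2).
    """
    parts = line.split()
    if len(parts) == 2:
        return parts[1]
    nvr = line.strip().rsplit(".", 1)[0]          # drop the architecture suffix
    _name, version, release = nvr.rsplit("-", 2)  # name-version-release
    return f"{version}-{release}"


def audit(inventory):
    """Return [(host, verdict)]; verdict is 'vulnerable', 'fixed' or 'unknown distro'."""
    results = []
    for host, distro, line in inventory:
        fixed = FIXED_VERSIONS.get(distro)
        if fixed is None:
            results.append((host, "unknown distro"))
            continue
        older = vercmp(installed_version(line), fixed) < 0
        results.append((host, "vulnerable" if older else "fixed"))
    return results


# Constructed sample inventory: (host, distribution, package query output).
SAMPLE_INVENTORY = [
    ("mx1",    "el7",              "procmail-3.22-36.el7.x86_64"),
    ("mx2",    "el7",              "procmail-3.22-36.el7_4.1.x86_64"),
    ("lists",  "debian-7",         "procmail\t3.22-20+deb7u1"),
    ("shell",  "fedora-26",        "procmail-3.22-44.fc26.x86_64"),
    ("legacy", "ubuntu-12.04-esm", "procmail\t3.22-19ubuntu0.2"),
    ("dev",    "arch",             "procmail 3.22-9"),
]

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE_INVENTORY):
        print(f"{host:8} {verdict}")
```

The comparison is keyed by distribution because the release tags (`el7_4.1`, `fc26`, `+deb7u2`, `ubuntu0.2`) are only meaningful within one distribution's package stream; a host whose distribution is not in the table is reported rather than silently marked fixed.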