| |||||||||||||||||||
Pardus alert 2010-99 (bogofilter)
------------------------------------------------------------------------ Pardus Linux Security Advisory 2010-99 security@pardus.org.tr ------------------------------------------------------------------------ Date: 2010-08-02 Severity: 3 Type: Remote ------------------------------------------------------------------------ Summary ======= A vulnerability has been fixed in bogofilter, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. Description =========== CVE-2010-2494: Multiple buffer underflows in the base64 decoder in base64.c in (1) bogofilter and (2) bogolexer in bogofilter before 1.2.2 allow remote attackers to cause a denial of service (heap memory corruption and application crash) via an e-mail message with invalid base64 data that begins with an = (equals) character. Affected packages: Pardus 2009: bogofilter, all before 1.2.1-16-4 Resolution ========== There are update(s) for bogofilter. You can update them via Package Manager or with a single command from console: pisi up bogofilter References ========== * http://bugs.pardus.org.tr/show_bug.cgi?id=13690 * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-... * https://bugzilla.redhat.com/show_bug.cgi?id=611551 ------------------------------------------------------------------------ _______________________________________________ Pardus-security mailing list Pardus-security@pardus.org.tr http://liste.pardus.org.tr/mailman/listinfo/pardus-security (Log in to post comments)
|
|||||||||||||||||||