Scientific Linux alert SLSA-2014:1172-1 (procmail)


From:
    	       Pat Riehecky <riehecky@fnal.gov> 
To:
    	       <scientific-linux-errata@listserv.fnal.gov> 
Subject:
    	       Security ERRATA Important: procmail on SL5.x, SL6.x i386/x86_64 
Date:
    	       Wed, 10 Sep 2014 14:28:41 +0000
Message-ID:
    	       <20140910142841.19870.13790@slpackages.fnal.gov>
Synopsis:          Important: procmail security update
Advisory ID:       SLSA-2014:1172-1
Issue Date:        2014-09-10
CVE Numbers:       CVE-2014-3618
--

A heap-based buffer overflow flaw was found in procmail's formail utility.
A remote attacker could send an email with specially crafted headers that,
when processed by formail, could cause procmail to crash or, possibly,
execute arbitrary code as the user running formail. (CVE-2014-3618)
--

SL5
  x86_64
    procmail-3.22-17.1.2.x86_64.rpm
    procmail-debuginfo-3.22-17.1.2.x86_64.rpm
  i386
    procmail-3.22-17.1.2.i386.rpm
    procmail-debuginfo-3.22-17.1.2.i386.rpm
SL6
  x86_64
    procmail-3.22-25.1.el6_5.1.x86_64.rpm
    procmail-debuginfo-3.22-25.1.el6_5.1.x86_64.rpm
  i386
    procmail-3.22-25.1.el6_5.1.i686.rpm
    procmail-debuginfo-3.22-25.1.el6_5.1.i686.rpm

- Scientific Linux Development Team

From:		Pat Riehecky <riehecky@fnal.gov>
To:		<scientific-linux-errata@listserv.fnal.gov>
Subject:		Security ERRATA Important: procmail on SL5.x, SL6.x i386/x86_64
Date:		Wed, 10 Sep 2014 14:28:41 +0000
Message-ID:		<20140910142841.19870.13790@slpackages.fnal.gov>