You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa procmail

Sigurnosni nedostatak programskog paketa procmail

——————————————————————————–
Fedora Update Notification
FEDORA-2014-10359
2014-09-09 20:18:30
——————————————————————————–

Name : procmail
Product : Fedora 19
Version : 3.22
Release : 36.fc19
URL : http://www.procmail.org
Summary : Mail processing program
Description :
Procmail can be used to create mail-servers, mailing lists, sort your
incoming mail into separate folders/files (real convenient when subscribing
to one or more mailing lists or for prioritising your mail), preprocess
your mail, start any programs upon mail arrival (e.g. to generate different
chimes on your workstation for different types of mail) or selectively
forward certain incoming mail automatically to someone.

——————————————————————————–
Update Information:

This is an update fixing CVE-2014-3618.
——————————————————————————–
ChangeLog:

* Thu Sep 4 2014 Jaroslav Škarvada <jskarvad@redhat.com> – 3.22-36
– Fixed buffer overflow in formail
Resolves: CVE-2014-3618
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 3.22-35
– Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 3.22-34
– Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 3.22-33
– Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
——————————————————————————–
References:

[ 1 ] Bug #1137581 – CVE-2014-3618 procmail: Heap-overflow in procmail’s formail utility when processing specially-crafted email headers
https://bugzilla.redhat.com/show_bug.cgi?id=1137581
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update procmail’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Top
More in Preporuke
Ranjivosti programskog paketa curl

Otkrivene su dvije ranjivosti u programskoj biblioteci libcurl za Mandriva Business Server 1.0. Ranjivosti udaljenim napadačima omogućavaju manipuliranje cookieima. Savjetuje...

Close