procmail-3.22-25.1.AXS4.1

エラータID: AXSA:2014-513:01

Release date: 
Thursday, September 11, 2014 - 14:52
Subject: 
procmail-3.22-25.1.AXS4.1
Affected Channels: 
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity: 
High
Description: 

Description :
Procmail can be used to create mail-servers, mailing lists, sort your
incoming mail into separate folders/files (real convenient when subscribing
to one or more mailing lists or for prioritising your mail), preprocess
your mail, start any programs upon mail arrival (e.g. to generate different
chimes on your workstation for different types of mail) or selectively
forward certain incoming mail automatically to someone.

Security issues fixed with this release:

CVE-2014-3618
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Please see more information below CVEs link.

Solution: 

update package.

CVEs: 
CVE-2014-3618
Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to "unbalanced quotes."


Additional Info: 

N/A

Download: 

SRPMS
  1. procmail-3.22-25.1.AXS4.1.src.rpm
    MD5: fcd32647d4191e1701fbcd08fbf18cc7
    SHA-256: 14a331a201978ff67def39dc1bfa55490e8ff3540c29ccd4820884a8280dbe01
    Size: 256.86 kB

Asianux Server 4 for x86
  1. procmail-3.22-25.1.AXS4.1.i686.rpm
    MD5: b498f07cbf0cf9b4b54d7306bb827867
    SHA-256: 478bd498be8634d7e9b7bda77cf68f7b8c76a3fa4d614cbf0a179d47c849d644
    Size: 158.05 kB

Asianux Server 4 for x86_64
  1. procmail-3.22-25.1.AXS4.1.x86_64.rpm
    MD5: 7d00d2140c7eca361b57ad33224a9af2
    SHA-256: 1e3ccff7b25f6f5d4096ce5b168cb5bb9563fb168074f7a9793e0e5d92b95218
    Size: 161.27 kB