procmail-3.22-36.el7.1

Errata ID: AXSA:2017-2423:02

Release date: Monday, December 4, 2017 - 16:29
Subject: procmail-3.22-36.el7.1
Affected Channels: Asianux Server 7 for x86_64
Severity: High
Description: 

The procmail packages contain a mail processing tool that can be used to create mail servers, mailing lists, sort incoming mail into separate folders or files, preprocess mail, start any program upon mail arrival, or automatically forward selected incoming mail.

Security Fix(es):

* A heap-based buffer overflow flaw was found in procmail's formail utility. A remote attacker could send a specially crafted email that, when processed by formail, could cause formail to crash or, possibly, execute arbitrary code as the user running formail. (CVE-2017-16844)

CVE-2017-16844
Heap-based buffer overflow in the loadbuf function in formisc.c in
formail in procmail 3.22 allows remote attackers to cause a denial of
service (application crash) or possibly execute arbitrary code via a
crafted e-mail message because of a hardcoded realloc size, a different
vulnerability than CVE-2014-3618.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. procmail-3.22-36.el7.1.src.rpm
    MD5: 3866679e4b18ac3ac827bd6bb0480123
    SHA-256: 71cb54f26474483a3d468ab2294d1d491e0bac08a044b07c581567c83e8a5275
    Size: 260.25 kB

Asianux Server 7 for x86_64
  1. procmail-3.22-36.el7.1.x86_64.rpm
    MD5: e6029d6771935c7412afc9309960334b
    SHA-256: 83d24b7001b58221e9c96c0cf48cfc4212de628b544e02a3bff3680e612a3708
    Size: 170.58 kB