| View previous topic :: View next topic |
| Author |
Message |
pilla
Bodhisattva
Joined: 07 Aug 2002
Posts: 7730
Location: Underworld
|
 Posted: Tue Sep 16, 2003 5:09 pm Post subject: [gentoo-announce] GLSA 200309-10: Pine |
 |
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-
---------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200309-10
-
---------------------------------------------------------------------------
PACKAGE : net-mail/pine
SUMMARY : buffer overflow, integer overflow
DATE : 2003-09-16 05:58 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <pine-4.58
FIXED VERSION : >=pine-4.58 >=pine-4.58-r1(masked)
CVE : CAN-2003-0720, CAN-2003-0721
-
---------------------------------------------------------------------------
quote from advisory:
"A remotely exploitable buffer overflow exists within the parsing of the
message/external-body type attribute name/value pairs. Failure to check
that the length of the longest attribute is less than the space
available allows a maliciously formed e-mail message to overwrite
control structures."
"A remotely exploitable integer overflow exists in the parsing of e-mail
headers, allowing for arbitrary code execution upon the opening of a
malicious e-mail."
read the full advisory at:
http://www.idefense.com/advisory/09.10.03.txt
SOLUTION
It is recommended that all Gentoo Linux users who are running
net-mail/pine upgrade to either one of these versions:
pine-4.58 OR
pine-4.58-r1 if accepting "~" keywords.
emerge sync
emerge pine
emerge clean
// end
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (Darwin)
iD8DBQE/Zqapnt0v0zAqOHYRAr8UAKCM81NvUvMqMIfzN9G4Y1HuLidG3QCgpWcj
LOOzb/LbWW1AeoKeqKjLtyk=
=rslH
-----END PGP SIGNATURE-----
_________________
"I'm just very selective about the reality I choose to accept." -- Calvin |
|
| Back to top |
|
 |
rac
Bodhisattva
Joined: 30 May 2002
Posts: 6553
Location: Japanifornia
|
| Posted: Tue Sep 23, 2003 6:15 am Post subject: Correction from rajiv |
|
|
Properly signed GLSA 200309-10
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ---------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200309-10
- ---------------------------------------------------------------------------
PACKAGE : net-mail/pine
SUMMARY : buffer overflow, integer overflow
DATE : 2003-09-16 05:58 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <pine-4.58
FIXED VERSION : >=pine-4.58 >=pine-4.58-r1(masked)
CVE : CAN-2003-0720, CAN-2003-0721
- ---------------------------------------------------------------------------
quote from advisory:
"A remotely exploitable buffer overflow exists within the parsing of the
message/external-body type attribute name/value pairs. Failure to check
that the length of the longest attribute is less than the space
available allows a maliciously formed e-mail message to overwrite
control structures."
"A remotely exploitable integer overflow exists in the parsing of e-mail
headers, allowing for arbitrary code execution upon the opening of a
malicious e-mail."
read the full advisory at:
http://www.idefense.com/advisory/09.10.03.txt
SOLUTION
It is recommended that all Gentoo Linux users who are running
net-mail/pine upgrade to either one of these versions:
pine-4.58 OR
pine-4.58-r1 if accepting "~" keywords.
emerge sync
emerge pine
emerge clean
// end
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (Darwin)
iD8DBQE/b+Npnt0v0zAqOHYRApafAJ9DNpTi/L+VweLoVosLoJSQbl06EQCdFbvB
PXz4j5euDVpB17i2rruMNP4=
=fBKo
-----END PGP SIGNATURE-----
_________________
For every higher wall, there is a taller ladder |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
News & Announcements
