You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa procmail

Sigurnosni nedostatak programskog paketa procmail

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-3483-1
November 20, 2017

procmail vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 17.10
– Ubuntu 17.04
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

formail could be made to crash or run programs if it processed specially
crafted mail.

Software Description:
– procmail: Versatile e-mail processor

Details:

Jakub Wilk discovered that the formail tool incorrectly handled certain
malformed mail messages. An attacker could use this flaw to cause formail
to crash, resulting in a denial of service, or possibly execute arbitrary
code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
procmail 3.22-25ubuntu0.17.10.1

Ubuntu 17.04:
procmail 3.22-25ubuntu0.17.04.1

Ubuntu 16.04 LTS:
procmail 3.22-25ubuntu0.16.04.1

Ubuntu 14.04 LTS:
procmail 3.22-21ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3483-1
CVE-2017-16844

Package Information:
https://launchpad.net/ubuntu/+source/procmail/3.22-25ubuntu0.17.10.1
https://launchpad.net/ubuntu/+source/procmail/3.22-25ubuntu0.17.04.1
https://launchpad.net/ubuntu/+source/procmail/3.22-25ubuntu0.16.04.1
https://launchpad.net/ubuntu/+source/procmail/3.22-21ubuntu0.2

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAEBCgAGBQJaEyPbAAoJEGVp2FWnRL6T2IoQAJV/s2VU6PPL5wftsVWQq6Og
f1eMYacusDdbpQdgHlBkeWdUZ1DPb7EN/wLoYq/9ypx1UjkTIqWGM/YwofE7mz9k
GXsauNfn7uTrpvvjuU1JIsUFe6yVp+6q3LAMdwf4XIQBZp439IzjoAPQlRMvI4RZ
YpcM9Srl/2NjE1TxoUoI5GajtiN7kYEYgtOUCl927r/a1lToQLWB3UfIwVdYXeuv
GgsU9kTQOWS5NN+2/dmVV6zsQsegRNz5ZQ/f2dUYTzHyFNFL4/0hV7V3q2nYD9LX
5BB89eZXPBMOPR+TDXS6WtnOCI6HHG9K/Cng+3CokLWc0xHNlOiOg6ni/7QHuuZf
kH5kvSCf/MZa0xt7sFWNYoyycilv0U8uSmwoCRUBeH6i9C84W0yQAjNkfpFFZbIx
BCNN66Hv+KYocYim5TlXj29yskgCmMNqitYPBGQKwmaL9ly1WV8N/psCGSq2x9mf
xyFrmQEnLpz9A6pqKH0IM8BVCNy3GX0BkdcMmbLA64PuZMf9NLfbrgmILL9nvmFx
4yxLX5T7OAL2mD26V0ScNWqOA0MEfKvmczkOGn3D109HTEv9Fp9Hgi7QwxGLEQFw
CgAVKKxlOTONjWQ2UbCacIuGLct+Y2LyUiNfk8D2eb4k/cv9MrLBU2mWOzeHSCqv
gKPJLy+e5eNqXswGiZN7
=eZQy
—–END PGP SIGNATURE—–

 

==========================================================================

Ubuntu Security Notice USN-3483-2

November 21, 2017

 

procmail vulnerability

==========================================================================

 

A security issue affects these releases of Ubuntu and its derivatives:

 

– Ubuntu 12.04 ESM

 

Summary:

 

formail could be made to crash or run programs if it processed

specially crafted mail.

 

Software Description:

– procmail: Versatile e-mail processor

 

Details:

 

USN-3483-1 fixed a vulnerability in procmail. This update provides the

corresponding update for Ubuntu 12.04 ESM.

 

Original advisory details:

 

 Jakub Wilk discovered that the formail tool incorrectly handled

 certain malformed mail messages. An attacker could use this flaw to

 cause formail to crash, resulting in a denial of service, or possibly

 execute arbitrary code.

 

Update instructions:

 

The problem can be corrected by updating your system to the following

package versions:

 

Ubuntu 12.04 ESM:

  procmail                        3.22-19ubuntu0.2

 

In general, a standard system update will make all the necessary

changes.

 

References:

  https://www.ubuntu.com/usn/usn-3483-2

  https://www.ubuntu.com/usn/usn-3483-1

  CVE-2017-16844

—–BEGIN PGP SIGNATURE—–

Version: GnuPG v2

 

iQIcBAABCAAGBQJaFC/cAAoJEEW851uECx9pRPAP/3eLGO/LQ0GSva3rHbN+CMFV

Vv9nmBJCBmIoizPupnO5frFtHJ3E0LQReyteoRCs4yU75ijDzZ0oKEjtfJCUzdeQ

/KGTT5Df6zU4P876h2zF28IXpjmA72wYoW5LpA9BLqNdeNjxS/xxZe6+FpqkWYQi

5yKTEqm5FiJ31zT8MRXl0DYKiYIVGXTlxs7tgjSnSm8o8qR8p9sY84Uc3s5srWPs

cui2EVPUjSFeNPoAAQKP0ezHKze0YCi3xzkriyh13XbY1nVl5O9At/JOeUbrX6sM

3O2BIpuOnCe94/RajvPh+T/NYEq9XyTarOx3P13jnBwPhqgdD2n8Ls71rpKD4Cb8

bXYjbqnA7ZuGCpE5DmODrdMDFN1yjRbZiyQGhkrQKu6EYiyhrfH3pdbhAQ7J1gMh

Ij11aVjBTNVn0PVuDSgbCErikZ+0XaO5M5zemtZMMlPDDRc94CWF3vb2l51Mlc+f

HbQwXle63a18z6kxKKyRFdzL641DDVQJRssVS8mzyc9hPgUtYwDId9Iv8lKmVIkh

ZBzOyNGfT1MueD2KcjAnlqrz7IWp/tEKaIgK1eiqmENTzOimL/YvmHr1URIE8ssA

bJGJaDPGXv/sthQpQHUsboIFMjEA+14Jfo1VJ7RLj3oEFtzk59krmtKOBZaC92YB

JglgPGyMx+3VBBPxOHpH

=OzyW

—–END PGP SIGNATURE—–

– 

 
AutorDanijel Kozinovic
Cert idNCERT-REF-2017-11-0124-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Sigurnosni nedostaci programskog paketa .NET Core

Otkriveni su sigurnosni nedostaci u programskom paketu .NET Core za operacijski sustav RHEL. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS...

Close