[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA-46-1] procmail update



Debian Security Advisory DLA-0023-1
https://wiki.debian.org/LTS
----------------------------------------------------------------------------
Package        : procmail
Version        : 3.22-19+deb6u1
CVE ID         : CVE-2014-3618
Debian Bug     : 704675 760443

Boris 'pi' Piwinger and Tavis Ormandy reported a heap overflow
vulnerability in procmail's formail utility when processing
specially-crafted email headers. A remote attacker could use this flaw
to cause formail to crash, resulting in a denial of service or data
loss, or possibly execute arbitrary code.

Attachment: signature.asc
Description: Digital signature


Reply to: