procmail (SL5, SL6, SL7)

By Scientific Linux Team on September 10, 2014

Synopsis: Important: procmail security update
Advisory ID: SLSA-2014:1172-1
Issue Date: 2014-09-10
CVE Numbers: CVE-2014-3618

A heap-based buffer overflow flaw was found in procmail’s formail utility.
A remote attacker could send an email with specially crafted headers that,
when processed by formail, could cause procmail to crash or, possibly,
execute arbitrary code as the user running formail. (CVE-2014-3618)

SL5
x86_64
procmail-3.22-17.1.2.x86_64.rpm
procmail-debuginfo-3.22-17.1.2.x86_64.rpm
i386
procmail-3.22-17.1.2.i386.rpm
procmail-debuginfo-3.22-17.1.2.i386.rpm
SL6
x86_64
procmail-3.22-25.1.el6_5.1.x86_64.rpm
procmail-debuginfo-3.22-25.1.el6_5.1.x86_64.rpm
i386
procmail-3.22-25.1.el6_5.1.i686.rpm
procmail-debuginfo-3.22-25.1.el6_5.1.i686.rpm

– Scientific Linux Development Team