Advisories

Mandriva Advisories

Package name	metamail
Date	February 18th, 2004
Advisory ID	MDKSA-2004:014
Affected versions	9.0, 9.1, 9.2, CS2.1
Synopsis	Updated metamail packages fix buffer overflow vulnerabilities

Problem Description

Two format string and two buffer overflow vulnerabilities were
discovered in metamail by Ulf Harnhammar. The updated packages are
patched to fix these holes.

Updated Packages

Mandrakelinux 9.0

 9ee83662f8af9eaf670ec7fda5a22351  9.0/RPMS/metamail-2.7-9.1.90mdk.i586.rpm
bc7f01df5ca62755f7e7c8f4cc698826  9.0/SRPMS/metamail-2.7-9.1.90mdk.src.rpm

Mandrakelinux 9.1

 b1e8c0600f1d2b8e3d7cb286300e798f  9.1/RPMS/metamail-2.7-9.1.91mdk.i586.rpm
504b97acd0de7ced8a5c93cd28a4fc16  9.1/SRPMS/metamail-2.7-9.1.91mdk.src.rpm

Mandrakelinux 9.1/PPC

 d2449e2c3a31e1ae82a197089367c7c0  ppc/9.1/RPMS/metamail-2.7-9.1.91mdk.ppc.rpm
504b97acd0de7ced8a5c93cd28a4fc16  ppc/9.1/SRPMS/metamail-2.7-9.1.91mdk.src.rpm

Mandrakelinux 9.2

 73797afd935d841a8e1701d6c8572ed7  9.2/RPMS/metamail-2.7-9.1.92mdk.i586.rpm
5f36fe16d00e69761d829fbdcdf95839  9.2/SRPMS/metamail-2.7-9.1.92mdk.src.rpm

Mandrakelinux 9.2/AMD64

 d3fb23bbf49aba7ef9355031510c12c9  amd64/9.2/RPMS/metamail-2.7-9.1.92mdk.amd64.rpm
5f36fe16d00e69761d829fbdcdf95839  amd64/9.2/SRPMS/metamail-2.7-9.1.92mdk.src.rpm

Corporate Server 2.1

 548c9a7a79f8b3e6a64caabd4ff8b276  corporate/2.1/RPMS/metamail-2.7-9.1.C21mdk.i586.rpm
bbacb5d6d2c7233b00bee939e1f92125  corporate/2.1/SRPMS/metamail-2.7-9.1.C21mdk.src.rpm

Corporate Server 2.1/X86_64

 7bc7bad9023a2c15175562d1fadc31ef  x86_64/corporate/2.1/RPMS/metamail-2.7-9.1.C21mdk.x86_64.rpm
bbacb5d6d2c7233b00bee939e1f92125  x86_64/corporate/2.1/SRPMS/metamail-2.7-9.1.C21mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0105

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.

URL:

https://mandriva.com/security/advisories

Short link:

https://mandriva.com/content/view/full/1075

Intersites Menu

Mandriva

Tools

Top menu

Advisories

Footer