Advisories

Mandriva Advisories

Package name procmail Date November 20th, 2001 Advisory ID MDKSA-2001:085 Affected versions 7.1, 7.2, 8.0, 8.1, CS1.0 Synopsis Updated procmail packages fix crash insecurities

Problem Description

In older versions of procmail, it is possible to crash procmail by
sending it certain signals. If procmail is installed setuid, this
could be exploited to gain unauthorized privilege. This problem is
fixed in unstable version 3.20 and stable version 3.15.2.

Updated Packages

Mandrakelinux 7.1

 6a6303d135b4f58247b8c211a7fd4928  7.1/RPMS/procmail-3.15.2-1.4mdk.i586.rpm
650b9e7fab6c3413f88268263c270dbb  7.1/SRPMS/procmail-3.15.2-1.4mdk.src.rpm

Mandrakelinux 7.2

 10d1564c725041ccddcd4d0322ce8593  7.2/RPMS/procmail-3.15.2-1.3mdk.i586.rpm
96453054a5e61284ab46c00b7926231d  7.2/SRPMS/procmail-3.15.2-1.3mdk.src.rpm

Mandrakelinux 8.0

 645fd209f3c4f1a3ee3fe9ca74c39356  8.0/RPMS/procmail-3.15.2-1.2mdk.i586.rpm
4b7efc4406d9dbf99b24914a5015e007  8.0/SRPMS/procmail-3.15.2-1.2mdk.src.rpm

Mandrakelinux 8.0/PPC

 87394a37012994bfcbadacb99eb8bd00  ppc/8.0/RPMS/procmail-3.15.2-1.2mdk.ppc.rpm
4b7efc4406d9dbf99b24914a5015e007  ppc/8.0/SRPMS/procmail-3.15.2-1.2mdk.src.rpm

Mandrakelinux 8.1

 fec9a3bc584959dcdbafb4e73fca9336  8.1/RPMS/procmail-3.22-1.1mdk.i586.rpm
05412df2c9c9cc142cdfbb92165a7fea  8.1/SRPMS/procmail-3.22-1.1mdk.src.rpm

Corporate Server 1.0.1

 6a6303d135b4f58247b8c211a7fd4928  1.0.1/RPMS/procmail-3.15.2-1.4mdk.i586.rpm
650b9e7fab6c3413f88268263c270dbb  1.0.1/SRPMS/procmail-3.15.2-1.4mdk.src.rpm

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm
                

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.