Mandriva Advisories

Package name: pine
Date: December 2nd, 2002
Advisory ID: MDKSA-2002:084
Affected versions: 7.2, 8.0, 8.1, 8.2
Synopsis: Updated pine packages fix buffer overflow vulnerability

Problem Description

A vulnerability was discovered in the way pine parses and escapes
characters in email addresses: not enough memory is allocated for
storing the escaped mailbox part of the address. The resulting
heap buffer overflow makes pine crash. This new version of pine,
4.50, fixes the vulnerability. It also offers many other bug fixes
and new features.
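
The advisory does not show the affected code. As an added illustration (not pine's code and not part of the original advisory), the C example below sizes the output buffer from the escaped form of the mailbox and refuses to write into a smaller one; the quoting rule and the names escaped_size and escape_mailbox are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>

/* Assumed rule (not pine's code): quote the mailbox, backslash '"' and '\'. */
static int needs_escape(char c) { return c == '"' || c == '\\'; }

/* Bytes needed: 2 quotes + NUL + 2 per escaped char. 0 on size_t overflow. */
size_t escaped_size(const char *mailbox)
{
    size_t need = 3;
    for (const char *p = mailbox; *p; p++) {
        size_t add = needs_escape(*p) ? 2 : 1;
        if (need > (size_t)-1 - add)
            return 0;
        need += add;
    }
    return need;
}

/* Escape into a caller buffer of cap bytes. Returns the escaped length
 * (without NUL), or -1 without writing anything if cap is too small. */
long escape_mailbox(const char *mailbox, char *out, size_t cap)
{
    size_t need = escaped_size(mailbox);
    if (need == 0 || need > cap)
        return -1;
    char *w = out;
    *w++ = '"';
    for (const char *p = mailbox; *p; p++) {
        if (needs_escape(*p))
            *w++ = '\\';
        *w++ = *p;
    }
    *w++ = '"';
    *w = '\0';
    return (long)(w - out);
}

int main(void)
{
    const char *mbox = "a\"b\\c";            /* constructed sample input */
    char small[8];                           /* strlen + 3: the undersized guess */
    char *buf = malloc(escaped_size(mbox));  /* sized from the escaped form */
    if (!buf) return 1;
    printf("undersized: %ld\n", escape_mailbox(mbox, small, sizeof small));
    printf("sized:      %ld %s\n", escape_mailbox(mbox, buf, escaped_size(mbox)), buf);
    free(buf);
    return 0;
}
```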

Updated Packages

Mandrakelinux 7.2

58db2ae1042c63701e44134f9aa8e41a  7.2/RPMS/pine-4.50-1.1mdk.i586.rpm
2c15138d1c5dc0708627232c650ba41a  7.2/SRPMS/pine-4.50-1.1mdk.src.rpm

Mandrakelinux 8.0

b874357b18fc5864cacfddfea7ab405c  8.0/RPMS/pine-4.50-1.1mdk.i586.rpm
2c15138d1c5dc0708627232c650ba41a  8.0/SRPMS/pine-4.50-1.1mdk.src.rpm

Mandrakelinux 8.0/PPC

5031842b887660f019a4e5177c2c8729  ppc/8.0/RPMS/pine-4.50-1.1mdk.ppc.rpm
2c15138d1c5dc0708627232c650ba41a  ppc/8.0/SRPMS/pine-4.50-1.1mdk.src.rpm

Mandrakelinux 8.1

9e956459b74a9627f97ac7b2687593c6  8.1/RPMS/pine-4.50-1.1mdk.i586.rpm
2c15138d1c5dc0708627232c650ba41a  8.1/SRPMS/pine-4.50-1.1mdk.src.rpm

Mandrakelinux 8.1/IA64

96e600f16b3353d98109280de25184a5  ia64/8.1/RPMS/pine-4.50-1.1mdk.ia64.rpm
2c15138d1c5dc0708627232c650ba41a  ia64/8.1/SRPMS/pine-4.50-1.1mdk.src.rpm

Mandrakelinux 8.2

f68005028e4af4b984140f5e081823cd  8.2/RPMS/pine-4.50-1.1mdk.i586.rpm
2c15138d1c5dc0708627232c650ba41a  8.2/SRPMS/pine-4.50-1.1mdk.src.rpm

Mandrakelinux 8.2/PPC

99aadb317f53a095538119b36633024f  ppc/8.2/RPMS/pine-4.50-1.1mdk.ppc.rpm
2c15138d1c5dc0708627232c650ba41a  ppc/8.2/SRPMS/pine-4.50-1.1mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1320

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the MD5 checksum and GPG signature are verified automatically for you.