Summary: | <mail-filter/procmail-3.22-r14: heap overflow in formail tool | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | ab4bd, atoth, bjh-gentoobt, chris, gentoo, maintainer-needed, michael.nospam1, net-mail+disabled |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | http://www.openwall.com/lists/oss-security/2014/09/03/8 | | |
Whiteboard: | B3 [noglsa cve] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 638108 | | |
Bug Blocks: | | | |

Description
Hanno Böck
2014-09-04 05:31:56 UTC
CVE-2014-3618 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3618): Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to "unbalanced quotes."

@ Maintainer(s): Please apply https://sources.debian.net/src/procmail/3.22-25/debian/patches/27/

@Maintainers ping

Gentoo Security Padawan
ChrisADR

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=31e0e8db9e641bbe158add9c6d4907f2c3eb2d57

commit 31e0e8db9e641bbe158add9c6d4907f2c3eb2d57
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2019-03-24 00:22:31 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2019-03-24 00:26:04 +0000

    mail-filter/procmail: revbump to fix longstanding vulnerabilities

    This patch is a combination of patches from the OSS ML and the Debian bug tracker. Both patches and authors can be found in the below referenced bugs.

    Bug: https://bugs.gentoo.org/522114
    Bug: https://bugs.gentoo.org/638108
    Signed-off-by: Aaron Bauman <bman@gentoo.org>

 .../files/procmail-CVE-2014-3618-16844.patch | 25 +++++
 mail-filter/procmail/procmail-3.22-r12.ebuild | 123 +++++++++++++++++++++
 2 files changed, 148 insertions(+)

-r12 was dropped due to reports of CPU utilization due to loops

I just had formail hang with -r13 - same as happened with -r12