Oval Definition: oval:com.redhat.rhsa:def:20141172
Revision Date: 2014-09-10
Version: 636
Title: RHSA-2014:1172: procmail security update (Important)
Description: The procmail program is used for local mail delivery. In addition to just delivering mail, procmail can be used for automatic filtering, presorting, and other mail handling jobs.

  • A heap-based buffer overflow flaw was found in procmail's formail utility. A remote attacker could send an email with specially crafted headers that, when processed by formail, could cause procmail to crash or, possibly, execute arbitrary code as the user running formail. (CVE-2014-3618)

    All procmail users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
  • Family: unix
    Class: patch
    Status:
    Reference(s): CVE-2014-3618
    RHSA-2014:1172
    RHSA-2014:1172-00
    RHSA-2014:1172-01
    Platform(s): Red Hat Enterprise Linux 5
    Red Hat Enterprise Linux 6
    Red Hat Enterprise Linux 7
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND procmail is earlier than 0:3.22-17.1.2
  • AND procmail is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND procmail is earlier than 0:3.22-25.1.el6_5.1
  • AND procmail is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND procmail is earlier than 0:3.22-34.el7_0.1
  • AND procmail is signed with Red Hat redhatrelease2 key
  • Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 5 is installed
  • AND procmail is earlier than 0:3.22-17.1.2
  • AND procmail is signed with Red Hat redhatrelease key
  • OR Package Information
  • procmail is earlier than 0:3.22-25.1.el6_5.1
  • AND procmail is signed with Red Hat redhatrelease2 key
  • AND
  • Red Hat Enterprise Linux 6 Client is installed
  • OR Red Hat Enterprise Linux 6 Server is installed
  • OR Red Hat Enterprise Linux 6 Workstation is installed
  • OR Red Hat Enterprise Linux 6 ComputeNode is installed
  • OR Package Information
  • procmail is earlier than 0:3.22-34.el7_0.1
  • AND procmail is signed with Red Hat redhatrelease2 key
  • AND
  • Red Hat Enterprise Linux 7 Client is installed
  • OR Red Hat Enterprise Linux 7 Server is installed
  • OR Red Hat Enterprise Linux 7 Workstation is installed
  • OR Red Hat Enterprise Linux 7 ComputeNode is installed