RHSA-2005:015 - Security Advisory
pine security update
Security Advisory: Low
An updated Pine package is now available for Red Hat Enterprise Linux 2.1
to fix a denial of service attack.
Pine is an email user agent.
The c-client IMAP client library, as used in Pine 4.44 contains an integer
overflow and integer signedness flaw. An attacker could create a malicious
IMAP server in such a way that it would cause Pine to crash. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2003-0297 to this issue.
Users of Pine are advised to upgrade to these erratum packages which
contain a backported patch to correct this issue.
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
- Red Hat Enterprise Linux Server 2 ia64
- Red Hat Enterprise Linux Server 2 i386
- Red Hat Enterprise Linux Workstation 2 ia64
- Red Hat Enterprise Linux Workstation 2 i386
- BZ - 97342 - CAN-2003-0279 c-client imap client
This erratum does not contain any packages.