- Issued:
- 2005-01-12
- Updated:
- 2005-01-12
RHSA-2005:015 - Security Advisory
Synopsis
pine security update
Type/Severity
Security Advisory: Low
Topic
An updated Pine package is now available for Red Hat Enterprise Linux 2.1
to fix a denial of service attack.
Description
Pine is an email user agent.
The c-client IMAP client library, as used in Pine 4.44 contains an integer
overflow and integer signedness flaw. An attacker could create a malicious
IMAP server in such a way that it would cause Pine to crash. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2003-0297 to this issue.
Users of Pine are advised to upgrade to these erratum packages which
contain a backported patch to correct this issue.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
Affected Products
- Red Hat Enterprise Linux Server 2 ia64
- Red Hat Enterprise Linux Server 2 i386
- Red Hat Enterprise Linux Workstation 2 ia64
- Red Hat Enterprise Linux Workstation 2 i386
Fixes
- BZ - 97342 - CAN-2003-0279 c-client imap client
CVEs
References
(none)
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
