----------------------------------------------------------------
SOT Linux Security Advisory
Subject: Updated pine package for SOT Linux 2002
Advisory ID: SLSA-2003:2
Date: Sunday, January 5, 2003
Product: SOT Linux 2002
----------------------------------------------------------------
1. Problem description
Pine 4.44 and earlier allows remote attackers to cause a denial
of service (core dump and failed restart) via an email message
with a From header that contains a large number of quotation
marks (").
The updated pine package fixes this vulnerability (CAN-2002-1320)
and several others, and provides some additional features.
2. Updated packages
SOT Linux 2002 Desktop:
i386:
ftp://ftp.sot.com/updates/2002/Desktop/i386/pine-4.51-1.i386.rpm
SRPMS:
ftp://ftp.sot.com/updates/2002/Desktop/SRPMS/pine-4.51-1.src.rpm
SOT Linux 2002 Server:
i386:
ftp://ftp.sot.com/updates/2002/Server/i386/pine-4.51-1.i386.rpm
SRPMS:
ftp://ftp.sot.com/updates/2002/Server/SRPMS/pine-4.51-1.src.rpm
3. Upgrading package
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
Use up2date to automatically upgrade the fixed packages.
If you want to upgrade manually, download the updated package from
the SOT Linux FTP site (use the links above) or from one of our mirrors.
The list of mirrors can be obtained at www.sot.com/en/linux
Update the package with the following command:
rpm -Uvh <filename>
4. Verification
All packages are PGP signed by SOT for security.
You can verify each package with the following command:
rpm --checksig <filename>
If you wish to verify the integrity of the downloaded package, run
"md5sum <filename>" and compare the output with data given below.
Package Name                          MD5 sum
----------------------------------------------------------------
/Desktop/i386/pine-4.51-1.i386.rpm    a0048db3cbfa2f844e4fa30363cc8148
/Desktop/SRPMS/pine-4.51-1.src.rpm    41155bd4ba9db8a74d03c7e4b39e5d17
/Server/i386/pine-4.51-1.i386.rpm     a0048db3cbfa2f844e4fa30363cc8148
/Server/SRPMS/pine-4.51-1.src.rpm     41155bd4ba9db8a74d03c7e4b39e5d17
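The MD5 comparison described above can be scripted. The following is an added example, not part of the original SOT advisory: it embeds the table from this section and checks every listed package found in a download directory. The function names verify_md5 and advisory_md5_table are hypothetical, and the script assumes md5sum is installed.

```shell
#!/bin/sh
# MD5 table copied from section 4 of this advisory: "<path> <md5>" per line.
advisory_md5_table() {
cat <<'EOF'
/Desktop/i386/pine-4.51-1.i386.rpm a0048db3cbfa2f844e4fa30363cc8148
/Desktop/SRPMS/pine-4.51-1.src.rpm 41155bd4ba9db8a74d03c7e4b39e5d17
/Server/i386/pine-4.51-1.i386.rpm a0048db3cbfa2f844e4fa30363cc8148
/Server/SRPMS/pine-4.51-1.src.rpm 41155bd4ba9db8a74d03c7e4b39e5d17
EOF
}

# verify_md5 DIR [TABLE_FILE]   (hypothetical helper, not a SOT tool)
# Compares each package in DIR that is named in the table with its listed sum.
# Returns 0 only if at least one package was checked and none mismatched.
verify_md5() {
    dir=$1
    table=${2:-}
    checked=0
    bad=0
    seen=" "
    if [ -n "$table" ]; then src=$(cat "$table"); else src=$(advisory_md5_table); fi
    while read -r path want; do
        [ -n "$want" ] || continue          # skip blank or ruler lines
        name=${path##*/}                    # table gives paths, downloads are basenames
        # Desktop and Server list the same file names with the same sums: check once
        case "$seen" in *" $name "*) continue ;; esac
        seen="$seen$name "
        [ -f "$dir/$name" ] || continue     # package not downloaded, nothing to check
        got=$(md5sum "$dir/$name" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (expected $want, got $got)"
            bad=$((bad + 1))
        fi
    done <<EOF
$src
EOF
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}
```

Call it as `verify_md5 /path/to/downloads` before running rpm -Uvh. The MD5 sums only confirm the download matches this advisory's table; the PGP signature is still checked with rpm --checksig.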
5. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1320
http://marc.theaimsgroup.com/?l=bugtraq&m=103668430620531&w=2
http://www.washington.edu/pine/changes.html
Copyright(c) 2001, 2002 SOT