[KLUG Members] New on BSware this week.

Adam Williams members@kalamazoolinux.org
Mon, 15 Sep 2003 11:03:14 -0400


> Official updates on BSware 9.0:
> ------------------------------- 
>      639349  gtkhtml-1.1.9-0.9.1.i386.rpm
>      348628  gtkhtml-devel-1.1.9-0.9.1.i386.rpm

Oh well, just a DOS attack.  No porting SoBig to evolution, yet. :(

https://rhn.redhat.com/errata/RHSA-2003-264.html

GtkHTML is the HTML rendering widget used by the Evolution mail reader. 
Versions of GtkHTML prior to 1.1.10 contain a bug when handling HTML
messages. Alan Cox discovered that certain malformed messages could
cause the Evolution mail component to crash due to a null pointer
dereference in the GtkHTML library. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2003-0541 to
this issue.
Users of Evolution are advised to upgrade to these erratum packages,
which contain GtkHTML version 1.1.10 correcting this issue.
Red Hat would like to thank the Ximian security team for investigating
and fixing this issue.

>     2615544  pine-4.44-19.90.0.i386.rpm

So who is going to port SoBig to Pine? :)

https://rhn.redhat.com/errata/RHSA-2003-273.html
Pine, developed at the University of Washington, is a tool for reading,
sending, and managing electronic messages (including mail and news).
A buffer overflow exists in the way unpatched versions of Pine prior to
4.57 handle the 'message/external-body' type. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name
CAN-2003-0720 to this issue.
An integer overflow exists in the Pine MIME header parsing in versions
prior to 4.57. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0721 to this issue.
Both of these flaws could be exploited by a remote attacker sending a
carefully crafted email to the victim that will execute arbitrary code
when the email is opened using Pine.
All users of Pine are advised to upgrade to these erratum packages,
which contain a backported security patch correcting these issues.
Red Hat would like to thank iDefense for bringing these issues to our
attention and the University of Washington for the patch.
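The advisory names the bug classes (an integer overflow in MIME header parsing and a buffer overflow in handling a declared body) without showing the code, and the actual Pine flaw is not on this page. The following is an added illustration, not Pine's or Red Hat's code, of the generic defect pattern behind such reports: a byte count taken from an untrusted header is used in arithmetic that can wrap, and the wrapped value then passes a bounds check. The header parameter name, the buffer size and the sample inputs are all constructed for the example.

```c
#include <errno.h>
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration (not Pine's code): a fixed receive buffer for a
 * decoded body part, sized arbitrarily for the example. */
#define BODY_BUF_SIZE 4096
static char g_body[BODY_BUF_SIZE];

/* Parse a decimal byte count from a header parameter value such as the
 * "size=" parameter of a message/external-body part. Returns -1 on
 * malformed, negative or out-of-range input, otherwise the parsed value. */
long long parse_size_param(const char *value)
{
    char *end;
    unsigned long long n;

    /* strtoull silently accepts a leading sign, so reject it ourselves. */
    if (value == NULL || *value == '\0' || *value == '-' || *value == '+')
        return -1;
    errno = 0;
    n = strtoull(value, &end, 10);
    if (errno == ERANGE || end == value || *end != '\0')
        return -1;
    if (n > (unsigned long long)LLONG_MAX)
        return -1;
    return (long long)n;
}

/* The defect pattern: "declared + 1" (room for a terminator) wraps to 0 when
 * declared is SIZE_MAX, so an absurdly large header value passes the check. */
int fits_unchecked(size_t declared, size_t buf_size)
{
    size_t needed = declared + 1;   /* wraps when declared == SIZE_MAX */
    return needed <= buf_size;
}

/* The fix: test for wrap before doing the addition. */
int fits_checked(size_t declared, size_t buf_size)
{
    if (declared > SIZE_MAX - 1)
        return 0;
    return declared + 1 <= buf_size;
}

/* Store at most `declared` bytes of src (which holds src_len bytes) in the
 * fixed buffer, refusing a header that promises more than the buffer holds
 * or more than the data actually present. Returns 1 on success, 0 if refused. */
int store_body(const char *src, size_t src_len, size_t declared)
{
    if (!fits_checked(declared, sizeof g_body))
        return 0;
    if (declared > src_len)
        return 0;
    memcpy(g_body, src, declared);
    g_body[declared] = '\0';
    return 1;
}

const char *stored_body(void)
{
    return g_body;
}

int main(void)
{
    /* Constructed header values: one sane, one that wraps the unchecked sum. */
    printf("size=100        -> %lld\n", parse_size_param("100"));
    printf("size=12abc      -> %lld\n", parse_size_param("12abc"));
    printf("unchecked(SIZE_MAX) accepts: %d\n", fits_unchecked(SIZE_MAX, BODY_BUF_SIZE));
    printf("checked(SIZE_MAX)   accepts: %d\n", fits_checked(SIZE_MAX, BODY_BUF_SIZE));
    printf("store 5 of \"hello\": %d -> \"%s\"\n", store_body("hello", 5, 5), stored_body());
    return 0;
}
```

The comparison `fits_unchecked` versus `fits_checked` is the whole point: both look like a bounds check, but only the second one rejects a declared size at the type's maximum, and `store_body` additionally refuses a header that claims more bytes than were actually received.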