Metamail Multiple Buffer Overflow/Format String Handling Vulnerabilities

Solution:
SGI has released an advisory 20040203-01-U to address this and other issues in SGI ProPack 2.4 and ProPack 2.3. Please see the referenced advisory for more information. Fixes are available below.

Debian has released an advisory (DSA 449-1) to address these issues. Please see the attached advisory for further details on obtaining and applying fixes.

Red Hat has released a security advisory (RHSA-2004:073-05) and fixes to address this issue in Red Hat enterprise products. Customers who are subscribed to the Red Hat Network may invoke the up2date utility to retrieve relevant fixes. Further details may be found in the referenced advisory.

Slackware have released an advisory (SSA:2004-049-02) and fixes to address thes issues.

Mandrake has released an advisory (MDKSA-2004:014) to address these issues. Please see the attached advisory for further details on obtaining and applying fixes.

Red Hat Fedora Legacy has released advisory FLSA:1305 dealing with this issue for Red Hat Linux 8.0, 7.3 and 7.2. Please see the referenced advisory for more information.

Gentoo Linux has released advisory GLSA 200405-17 dealing with this issue. Please see the referenced advisory for more information. Affected users are urged to run the following commands as superuser:
emerge sync
emerge -pv ">=net-mail/metamail-2.7.45.3"
emerge ">=net-mail/metamail-2.7.45.3"


SGI ProPack 2.3

SGI ProPack 2.4

Metamail Metamail 2.7


 

Privacy Statement
Copyright 2010, SecurityFocus