[SECURITY] Fedora 20 Update: procmail-3.22-36.fc20

updates at fedoraproject.org updates at fedoraproject.org
Sat Sep 13 06:51:04 UTC 2014 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-10357
2014-09-09 20:18:25
--------------------------------------------------------------------------------

Name        : procmail
Product     : Fedora 20
Version     : 3.22
Release     : 36.fc20
URL         : http://www.procmail.org
Summary     : Mail processing program
Description :
Procmail can be used to create mail-servers, mailing lists, sort your
incoming mail into separate folders/files (real convenient when subscribing
to one or more mailing lists or for prioritising your mail), preprocess
your mail, start any programs upon mail arrival (e.g. to generate different
chimes on your workstation for different types of mail) or selectively
forward certain incoming mail automatically to someone.

--------------------------------------------------------------------------------
Update Information:

This is an update fixing CVE-2014-3618.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep  4 2014 Jaroslav Škarvada <jskarvad at redhat.com> - 3.22-36
- Fixed buffer overflow in formail
  Resolves: CVE-2014-3618
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.22-35
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.22-34
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1137581 - CVE-2014-3618 procmail: Heap-overflow in procmail's formail utility when processing specially-crafted email headers
        https://bugzilla.redhat.com/show_bug.cgi?id=1137581
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update procmail' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list