Updated pine packages available

A vulnerability in Pine version 4.44 and earlier releases can cause
Pine to crash when sent a carefully crafted email.

[Updated 04 July 2003]
Added packages for Red Hat Linux on IBM iSeries and pSeries systems.

Pine, developed at the University of Washington, is a tool for reading,
sending, and managing electronic messages (including mail and news).

A security problem was found in versions of Pine 4.44 and earlier. In these
versions, Pine does not allocate enough memory for the parsing and escaping
of the "From" header, allowing a carefully crafted email to cause a
buffer overflow on the heap. This will result in Pine crashing.

All users of Pine on Red Hat Linux are advised to update to these errata
packages containing a patch to version 4.44 of Pine that fixes this
vulnerability.

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

78293 - Pine 4.44 has a buffer overflow in the From address processing code.

https://www.redhat.com/security/data/cve/CVE-2002-1320.html
http://www.washington.edu/pine/changes/4.44-to-4.50.html
http://marc.theaimsgroup.com/?l=bugtraq&m=103668430620531&w=2

crash, denial, DoS, flaw:buf, of, pine, service, vulnerable