Security Advisory pine security update

Advisory: RHSA-2005:015-05
Type: Security Advisory
Severity: Low
Issued on: 2005-01-12
Last updated on: 2005-01-12
Affected Products: Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
OVAL: N/A
CVEs (cve.mitre.org): CVE-2003-0297

Details

An updated Pine package is now available for Red Hat Enterprise Linux 2.1
to fix a denial of service attack.

Pine is an email user agent.

The c-client IMAP client library, as used in Pine 4.44 contains an integer
overflow and integer signedness flaw. An attacker could create a malicious
IMAP server in such a way that it would cause Pine to crash. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2003-0297 to this issue.

Users of Pine are advised to upgrade to these erratum packages which
contain a backported patch to correct this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Enterprise Linux AS (v. 2.1)
SRPMS:
pine-4.44-20.src.rpm     10365ce656dc56e679cd17d70c506820
 
IA-32:
pine-4.44-20.i386.rpm     7e8793f0bf05f544dea50fde67af462d
 
IA-64:
pine-4.44-20.ia64.rpm     68b149c040e66b19059dd9480d26ef2c
 
Red Hat Enterprise Linux ES (v. 2.1)
SRPMS:
pine-4.44-20.src.rpm     10365ce656dc56e679cd17d70c506820
 
IA-32:
pine-4.44-20.i386.rpm     7e8793f0bf05f544dea50fde67af462d
 
Red Hat Enterprise Linux WS (v. 2.1)
SRPMS:
pine-4.44-20.src.rpm     10365ce656dc56e679cd17d70c506820
 
IA-32:
pine-4.44-20.i386.rpm     7e8793f0bf05f544dea50fde67af462d
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
SRPMS:
pine-4.44-20.src.rpm     10365ce656dc56e679cd17d70c506820
 
IA-64:
pine-4.44-20.ia64.rpm     68b149c040e66b19059dd9480d26ef2c
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

97342 - CAN-2003-0279 c-client imap client


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0297
http://marc.theaimsgroup.com/?l=bugtraq&m=105294024124163

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/