Advisories » MGASA-2017-0392

Updated procmail packages fix security vulnerability

Publication date: 30 Oct 2017
Modification date: 30 Oct 2017
Type: security
Affected Mageia releases : 5 , 6

Description

A flaw was found in the loadbuf function in formisc.c. When the buffer
is too small, the function tries to resize it, but only by Bsize (=128)
bytes. This is not necessarily enough and could cause denial of service.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=21885
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DKF7SN6RKVFTADUVEPX2ZA5USDIVPKEA/
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511

SRPMS

5/core

• procmail-3.22-23.1.mga5

6/core

• procmail-3.22-24.1.mga6