--------------------------------------------------------------------- Red Hat Security Advisory
Synopsis: Updated Pine packages fix security vulnerability Advisory ID: RHSA-2005:015-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-015.html Issue date: 2005-01-12 Updated on: 2005-01-12 Product: Red Hat Enterprise Linux CVE Names: CAN-2003-0297 ---------------------------------------------------------------------
1. Summary:
An updated Pine package is now available for Red Hat Enterprise Linux 2.1 to fix a denial of service attack.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386
3. Problem description:
Pine is an email user agent.
The c-client IMAP client library, as used in Pine 4.44 contains an integer overflow and integer signedness flaw. An attacker could create a malicious IMAP server in such a way that it would cause Pine to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0297 to this issue.
Users of Pine are advised to upgrade to these erratum packages which contain a backported patch to correct this issue.
4. Solution:
Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: