==========================================================================

Ubuntu Security Notice USN-3483-2

November 21, 2017



procmail vulnerability

==========================================================================



A security issue affects these releases of Ubuntu and its derivatives:



- Ubuntu 12.04 ESM



Summary:



formail could be made to crash or run programs if it processed

specially crafted mail.



Software Description:

- procmail: Versatile e-mail processor



Details:



USN-3483-1 fixed a vulnerability in procmail. This update provides the

corresponding update for Ubuntu 12.04 ESM.



Original advisory details:



Jakub Wilk discovered that the formail tool incorrectly handled

certain malformed mail messages. An attacker could use this flaw to

cause formail to crash, resulting in a denial of service, or possibly

execute arbitrary code.



Update instructions:



The problem can be corrected by updating your system to the following

package versions:



Ubuntu 12.04 ESM:

procmail 3.22-19ubuntu0.2



In general, a standard system update will make all the necessary

changes.



References:

https://www.ubuntu.com/usn/usn-3483-2

https://www.ubuntu.com/usn/usn-3483-1

CVE-2017-16844



