Ubuntu Security Notice 3483-2 - USN-3483-1 fixed a vulnerability in procmail. This update provides the corresponding update for Ubuntu 12.04 ESM. Jakub Wilk discovered that the formail tool incorrectly handled certain malformed mail messages. An attacker could use this flaw to cause formail to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
241e560ad1546a686673831611b4fc82a69546ecb78985b2954d9c0b78483fec
==========================================================================
Ubuntu Security Notice USN-3483-2
November 21, 2017
procmail vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
formail could be made to crash or run programs if it processed
specially crafted mail.
Software Description:
- procmail: Versatile e-mail processor
Details:
USN-3483-1 fixed a vulnerability in procmail. This update provides the
corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Jakub Wilk discovered that the formail tool incorrectly handled
certain malformed mail messages. An attacker could use this flaw to
cause formail to crash, resulting in a denial of service, or possibly
execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
procmail 3.22-19ubuntu0.2
In general, a standard system update will make all the necessary
changes.
References:
https://www.ubuntu.com/usn/usn-3483-2
https://www.ubuntu.com/usn/usn-3483-1
CVE-2017-16844