Important: procmail

2018-09-19T23:36:00
ID ALAS-2018-1084
Type amazon
Reporter Amazon
Modified 2018-09-19T23:36:00

Description

Issue Overview:

A heap-based buffer overflow flaw was found in procmail's formail utility. A remote attacker could send a specially crafted email that, when processed by formail, could cause formail to crash or, possibly, execute arbitrary code as the user running formail.(CVE-2017-16844 __)

Affected Packages:

procmail

Issue Correction:
Run yum update procmail to update your system.

New Packages:

i686:  
    procmail-3.22-25.1.7.amzn1.i686  
    procmail-debuginfo-3.22-25.1.7.amzn1.i686

src:  
    procmail-3.22-25.1.7.amzn1.src

x86_64:  
    procmail-debuginfo-3.22-25.1.7.amzn1.x86_64  
    procmail-3.22-25.1.7.amzn1.x86_64