[SECURITY] [DLA 1173-1] procmail security update

2017-11-1801:13:55

lists.debian.org

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.043 Low

EPSS

Percentile

92.2%

JSON

Package : procmail
Version : 3.22-20+deb7u2
CVE ID : CVE-2017-16844
Debian Bug : #876511

It was discovered that there was a heap-based buffer overflow in procmail, a
tool used to sort incoming mail into various directories and filter out spam
messages.

For Debian 7 "Wheezy", this issue has been fixed in procmail version
3.22-20+deb7u2.

We recommend that you upgrade your procmail packages.

Regards,

  ,&#x27;&#x27;`.
 : :&#x27;  :     Chris Lamb
 `. `&#x27;`      [email protected] / chris-lamb.co.uk
   `-

OSVersionArchitecturePackageVersionFilename
Debian8allprocmail< 3.22-24+deb8u1procmail_3.22-24+deb8u1_all.deb
Debian9arm64procmail< 3.22-25+deb9u1procmail_3.22-25+deb9u1_arm64.deb
Debian8arm64procmail< 3.22-24+deb8u1procmail_3.22-24+deb8u1_arm64.deb
Debian9mipselprocmail< 3.22-25+deb9u1procmail_3.22-25+deb9u1_mipsel.deb
Debian8kfreebsd-i386procmail< 3.22-24+deb8u1procmail_3.22-24+deb8u1_kfreebsd-i386.deb
Debian9mipsprocmail< 3.22-25+deb9u1procmail_3.22-25+deb9u1_mips.deb
Debian8mipsprocmail< 3.22-24+deb8u1procmail_3.22-24+deb8u1_mips.deb
Debian8s390xprocmail< 3.22-24+deb8u1procmail_3.22-24+deb8u1_s390x.deb
Debian9allprocmail< 3.22-25+deb9u1procmail_3.22-25+deb9u1_all.deb
Debian9amd64procmail< 3.22-25+deb9u1procmail_3.22-25+deb9u1_amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	all	procmail	< 3.22-24+deb8u1	procmail_3.22-24+deb8u1_all.deb
Debian	9	arm64	procmail	< 3.22-25+deb9u1	procmail_3.22-25+deb9u1_arm64.deb
Debian	8	arm64	procmail	< 3.22-24+deb8u1	procmail_3.22-24+deb8u1_arm64.deb
Debian	9	mipsel	procmail	< 3.22-25+deb9u1	procmail_3.22-25+deb9u1_mipsel.deb
Debian	8	kfreebsd-i386	procmail	< 3.22-24+deb8u1	procmail_3.22-24+deb8u1_kfreebsd-i386.deb
Debian	9	mips	procmail	< 3.22-25+deb9u1	procmail_3.22-25+deb9u1_mips.deb
Debian	8	mips	procmail	< 3.22-24+deb8u1	procmail_3.22-24+deb8u1_mips.deb
Debian	8	s390x	procmail	< 3.22-24+deb8u1	procmail_3.22-24+deb8u1_s390x.deb
Debian	9	all	procmail	< 3.22-25+deb9u1	procmail_3.22-25+deb9u1_all.deb
Debian	9	amd64	procmail	< 3.22-25+deb9u1	procmail_3.22-25+deb9u1_amd64.deb