-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] metamail security update (SSA:2004-049-02)

Metamail is a set of utilities for processing MIME mail.

New metamail packages are available for Slackware 8.1, 9.0, 9.1,
and -current. These fix two format string bugs and two buffer
overflows which could lead to unauthorized code execution.

Thanks to Ulf Hдrnhammar for discovering these problems and
providing a patch.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0105

Here are the details from the Slackware 9.1 ChangeLog:
±-------------------------+
Wed Feb 18 03:44:42 PST 2004
patches/packages/metamail-2.7-i486-2.tgz: Patched two format string
bugs and two buffer overflows in metamail which could lead to
unauthorized code execution. Thanks to Ulf Hдrnhammar for discovering
these problems and providing a patch.
(* Security fix *)
±-------------------------+

WHERE TO FIND THE NEW PACKAGE:
±----------------------------+

Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/metamail-2.7-i386-2.tgz

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/metamail-2.7-i386-2.tgz

Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/metamail-2.7-i486-2.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/metamail-2.7-i486-2.tgz

MD5 SIGNATURES:
±------------+

Slackware 8.1 package:
2472a9ac8eefc7d919c0dff517651be6 metamail-2.7-i386-2.tgz

Slackware 9.0 package:
4f283c4ad8429fd0e9ed92f3e95e93c7 metamail-2.7-i386-2.tgz

Slackware 9.1 package:
d9947ffb77c68930ed4826dfab4af91b metamail-2.7-i486-2.tgz

Slackware -current package:
d9947ffb77c68930ed4826dfab4af91b metamail-2.7-i486-2.tgz

INSTALLATION INSTRUCTIONS:
±-----------------------+

Upgrade the metamail package with upgradepkg:

upgradepkg metamail-2.7-i486-2.tgz

±----+

Slackware Linux Security Team
http://slackware.com/gpg-key
[email protected]

±-----------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: |
±-----------------------------------------------------------------------+
| Send an email to [email protected] with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back. Follow the instructions to |
| complete the unsubscription. Do not reply to this message to |
| unsubscribe! |
±-----------------------------------------------------------------------+

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAM1qGakRjwEAQIjMRAuVOAKCI9kSqYBMEHtEW6xu6lUPcOPTRKgCfRoZt
sks+bl+KqOmhTdbnfMfMepE=
=yisA
-----END PGP SIGNATURE-----