USN-2340-1

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-2340-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2340-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-2340-1

Related

Published

2014-09-04T17:39:31.063391Z

Modified

2014-09-04T17:39:31.063391Z

Summary

procmail vulnerability

Details

Tavis Ormandy discovered that the formail tool incorrectly handled certain malformed mail headers. An attacker could use this flaw to cause formail to crash, resulting in a denial of service, or possibly execute arbitrary code.

References

Affected packages

Ubuntu:14.04:LTS / procmail

Package

Name: procmail
Purl: pkg:deb/ubuntu/procmail?arch=src?distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.22-21ubuntu0.1

Affected versions

3.*

3.22-20

3.22-21

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "3.22-21ubuntu0.1",
            "binary_name": "procmail"
        }
    ]
}