[LIH]Fw: [Full-Disclosure] [ESA-20021127-032] 'pine' version upgrade, security fixes.

Wed, 27 Nov 2002 19:55:38 -0800 

Please upgrade Pine to 4.50 - or better still, to Mutt :)

    suresh

[EMAIL PROTECTED] (EnGarde Secure Linux) writes:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> +------------------------------------------------------------------------+
>> EnGarde Secure Linux Security Advisory               November 27,
>> 2002 | http://www.engardelinux.org/
>>
>> ESA-20021127-032 | | Package: pine
>> | Summary: Version upgrade, security fixes.
>> |
> +------------------------------------------------------------------------+
>
>   EnGarde Secure Linux is a secure distribution of Linux that features
>   improved access control, host and network intrusion detection, Web
>   based secure remote management, e-commerce, and integrated open
>   source security tools.
>
> OVERVIEW
> - --------
>   This update upgrades Pine from version 4.33 to version 4.50.  Pine
>   4.50 includes many bug fixes and new features such as threading
>   support and rule pattern enhancements.
>
>   This update also fixes some security issues, in particular a buffer
>   overflow when parsing certain "From:" addresses.  A malicious user
>   could send a message with a specially crafted "From:" address and
>   cause a segmentation fault on the client.  Pine 4.50 fixes this
>   vulnerability (CAN-2002-1320) and several others.
>
> SOLUTION
> - --------
>   Users of the EnGarde Professional edition can use the Guardian
>   Digital Secure Network to update their systems automatically.
>
>   EnGarde Community users should upgrade to the most recent version
>   as outlined in this advisory.  Updates may be obtained from:
>
>     ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
>     http://ftp.engardelinux.org/pub/engarde/stable/updates/
>
>   Before upgrading the package, the machine must either:
>
>     a) be booted into a "standard" kernel; or
>     b) have LIDS disabled.
>
>   To disable LIDS, execute the command:
>
>     # /sbin/lidsadm -S -- -LIDS_GLOBAL
>
>   To install the updated package, execute the command:
>
>     # rpm -Uvh files
>
>   You must now update the LIDS configuration by executing the command:
>
>     # /usr/sbin/config_lids.pl
>
>   To re-enable LIDS (if it was disabled), execute the command:
>
>     # /sbin/lidsadm -S -- +LIDS_GLOBAL
>
>   To verify the signatures of the updated packages, execute the
> command:
>
>     # rpm -Kv files
>
> UPDATED PACKAGES
> - ----------------
>   These updated packages are for EnGarde Secure Linux Community
>   Edition.
>
>   Source Packages:
>
>     SRPMS/pine-4.50-1.0.9.src.rpm
>       MD5 Sum: a85e6e5615423e82fed9453ec06686a6
>
>   Binary Packages:
>
>     i386/pine-4.50-1.0.9.i386.rpm
>       MD5 Sum: ff1db113dcddb5b64f5e62231deb44bc
>
>     i686/pine-4.50-1.0.9.i686.rpm
>       MD5 Sum: a82c4318b516f0a2990e4ad286e01646
>
> REFERENCES
> - ----------
>   Guardian Digital's public key:
>     http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY
>
>   pine's Official Web Site:
>     http://www.washington.edu/pine/
>
>   Security Contact:   [EMAIL PROTECTED]
>   EnGarde Advisories: http://www.engardelinux.org/advisories.html
>
> -
> --------------------------------------------------------------------------
$Id: ESA-20021127-032-pine,v 1.2 2002/11/27 13:02:25 rwm Exp $
> -
> --------------------------------------------------------------------------
Author: Ryan W. Maple <[EMAIL PROTECTED]>
> Copyright 2002, Guardian Digital, Inc.
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
>
> iD8DBQE95MNbHD5cqd57fu0RAo75AJ974ecOqscVUcR+/r4JHX9jMuG3cACfUNqW
> Qtn3psk6m0E6BmPdIZrH7gI=
> =X8Qz
> -----END PGP SIGNATURE-----
> ------------------------------------------------------------------------
>      To unsubscribe email [EMAIL PROTECTED]
>          with "unsubscribe" in the subject of the message.
>
> Copyright(c) 2002 Guardian Digital, Inc.
> EnGardeLinux.org
> ------------------------------------------------------------------------



-------------------------------------------------------
This SF.net email is sponsored by: Get the new Palm Tungsten T 
handheld. Power & Color in a compact size! 
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
_______________________________________________
linux-india-help mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/linux-india-help

Reply via email to