Bug 37238

Summary: procmail: Buffer overflow (ES 3.1)
Product: UCS
Reporter: Moritz Muehlenhoff <jmm>
Component: Security updates
Assignee: Philipp Hahn <hahn>
Status: CLOSED FIXED
QA Contact: Janek Walkenhorst <walkenhorst>
Severity: normal
Priority: P3
CC: hahn, walkenhorst
Version: UCS 3.1
Target Milestone: UCS 3.1-ES
Hardware: Other
OS: Linux
Bug Depends on: 35817
Attachments: Procmail extsec3.1 Advisory
             Procmail extsec3.1 Advisory v2

Description Moritz Muehlenhoff univentionstaff 2014-12-08 15:38:10 CET
CVE-2014-3618

A heap-based buffer overflow in the formail tool of procmail allows the execution of arbitrary code when processing a malformed mail.
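As an added illustration of the bug class the description names (this is not procmail's or formail's code; the unfolding pattern, the sample header block and the function names are assumed for the example only), the following C shows a mail-header unfolder written in the shape that yields a heap-based buffer overflow on a malformed fold, beside a bounded version of the same routine:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample header block (assumed input, not from the bug report):
 * a folded Subject field whose second continuation line is whitespace only,
 * then an unfolded From field, then the blank line that ends the headers. */
static const char sample_headers[] =
    "Subject: this is a\n"
    "  folded subject\n"
    " \n"
    "From: someone@example.invalid\n"
    "\n";

/* Length of the physical line starting at p, excluding the newline. */
static size_t line_len(const char *p)
{
    const char *nl = strchr(p, '\n');
    return nl ? (size_t)(nl - p) : strlen(p);
}

/* BEFORE (vulnerable pattern): the buffer is sized from the first physical
 * line only, then every continuation line is strcat()ed into it.  A fold
 * whose continuations carry more bytes than the first line writes past the
 * malloc()ed chunk.  Do not call this on untrusted input. */
char *unfold_unsafe(const char **pos)
{
    const char *p = *pos;
    size_t n = line_len(p);
    if (n == 0) return NULL;                  /* blank line: end of headers */
    char *out = malloc(n + 1);
    if (!out) return NULL;
    memcpy(out, p, n); out[n] = '\0';
    p += n + (p[n] == '\n');
    while (*p == ' ' || *p == '\t') {         /* continuation line */
        size_t m = line_len(p);
        const char *q = p;
        while (q < p + m && (*q == ' ' || *q == '\t')) q++;
        strcat(out, " ");                     /* no room reserved for this */
        strncat(out, q, (size_t)(p + m - q)); /* nor for this */
        p += m + (p[m] == '\n');
    }
    *pos = p;
    return out;
}

/* AFTER (bounded): the buffer is grown to the exact new total before each
 * append and every copy is length-checked, so a malformed fold can at worst
 * produce a long logical line, never a write past the allocation.  A
 * whitespace-only continuation contributes nothing. */
char *unfold_safe(const char **pos)
{
    const char *p = *pos;
    size_t n = line_len(p);
    if (n == 0) return NULL;
    char *out = malloc(n + 1);
    if (!out) return NULL;
    memcpy(out, p, n); out[n] = '\0';
    size_t len = n;
    p += n + (p[n] == '\n');
    while (*p == ' ' || *p == '\t') {
        size_t m = line_len(p);
        const char *q = p;
        while (q < p + m && (*q == ' ' || *q == '\t')) q++;
        size_t body = (size_t)(p + m - q);
        if (body > 0) {
            char *grown = realloc(out, len + 1 + body + 1);
            if (!grown) { free(out); return NULL; }
            out = grown;
            out[len++] = ' ';
            memcpy(out + len, q, body);
            len += body;
            out[len] = '\0';
        }
        p += m + (p[m] == '\n');
    }
    *pos = p;
    return out;
}

/* Number of logical header fields in a header block, using the safe path. */
int unfold_count(const char *hdrs)
{
    const char *pos = hdrs;
    int count = 0;
    char *f;
    while ((f = unfold_safe(&pos)) != NULL) { count++; free(f); }
    return count;
}

int main(void)
{
    const char *pos = sample_headers;
    char *f;
    while ((f = unfold_safe(&pos)) != NULL) { printf("%s\n", f); free(f); }
    return 0;
}
```

The QA step in comment 1 feeds a real malformed message to the old and the fixed formail; the point of the example is only the difference between sizing the heap chunk once and sizing it before every append.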
Comment 1 Philipp Hahn univentionstaff 2015-06-19 16:07:43 CEST
# repo_stat.py procmail
3.22-19 imported on 2011-01-08 06:45:20.711581 (auto import)
 Included in release tag 3.0-0-0 (31109)
   procmail_3.22-19.11.201104141333.dsc
3.22-19+deb6u1 imported on 2014-09-17 19:07:54.323331
 Included in scope errata3.2-3 for release tag 3.2-0-0 (68958)
   procmail_3.22-19.15.201409171908.dsc

# repo_admin.py -U -p procmail -d squeeze-lts -r 3.1-0-0 -s extsec3.1
repo_admin.py --cherrypick -r 3.2 -s errata3.2-3 --releasedest 3.1 --dest extsec3.1 -p procmail

echo -n 12 >/var/univention/buildsystem2/config/versions/procmail
build-package-ng -r 3.1-0-0 -P ucs -s extsec3.1 --no-pbuilder-update -p procmail
echo -n 16 >/var/univention/buildsystem2/config/versions/procmail

Package: procmail
Version: 3.22-19.13.201506191522
Branch: ucs_3.1-0
Scope: extsec3.1

OK:
 apt-get install procmail=3.22-19.11.201104141333
 wget -q -O- 'https://groups.google.com/forum/message/raw?msg=alt.arts.poetry.comments/DCuLO3qzovI/CZk15MlfqNkJ' | tr -d '\r' | formail -s >/dev/null
 apt-get install procmail=3.22-19.13.201506191522
 apt-get remove procmail
 apt-get install procmail=3.22-19.13.201506191522
 apt-get purge procmail
 apt-get install procmail=3.22-19.13.201506191522
 univention-upgrade --updateto 3.2-3 --ignoressh --ignoreterm --noninteractive</dev/null;apt-cache policy procmail
Comment 2 Philipp Hahn univentionstaff 2015-06-19 16:08:20 CEST
Created attachment 6970
Procmail extsec3.1 Advisory
Comment 3 Janek Walkenhorst univentionstaff 2015-06-23 17:19:56 CEST
(In reply to Philipp Hahn from comment #2)
> Created attachment 6970
> Procmail extsec3.1 Advisory
CVE-ID wrong

Tests (amd64): OK
Comment 4 Philipp Hahn univentionstaff 2015-06-23 17:30:01 CEST
Created attachment 6980
Procmail extsec3.1 Advisory v2
Comment 5 Janek Walkenhorst univentionstaff 2015-06-30 18:07:19 CEST
Released