Univention Bugzilla – Bug 35817
procmail: Buffer overflow (3.2)
Last modified: 2014-12-08 15:38:10 CET
CVE-2014-3618 A heap-based buffer overflow in the formail tool of procmail allows the execution of arbitrary code when processing a malformed mail.
Tests (amd64): OK
Advisory: 2014-09-17-procmail.yaml

OK: apt-cache policy procmail
OK: univention-install procmail
OK: zless /usr/share/doc/procmail/changelog.Debian.gz
OK: formail -I Received: -s procmail -m rc < ...
OK: 2014-09-17-procmail.yaml
OK: anource_errata -V 2014-09-17-procmail.yaml
http://errata.univention.de/ucs/3.2/210.html