-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2003-57
http://www.turbolinux.com/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original released date : 08 Oct 2003
Last revised : 08 Oct 2003
Package : pine
Summary : Multipel vulnerabilities in pine
More information :
Pine is a very popular, easy to use, full-featured email user agent.
Pine contains a vulnerability during the handling of the 'message/external-body' type.
An integer overflow exists in the Pine MIME header parsing.
Impact :
This vulnerability may allow a remote attacker to execute arbitrary code.
Affected Products :
- Turbolinux Workstation 6.0
Solution :
Please use turbopkg tool to apply the update.
<Turbolinux Workstation 6.0>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/pine-4.58-2.src.rpm
2893276 b818bf85bdaa8ef0ff9d557bf9bdb89a
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/pine-4.58-2.i386.rpm
2635143 6a6d0b3bf0d7b5ec927e8100d79f1f84
References :
CVE
[
CAN-2003-0720]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=
CAN-2003-0720
[
CAN-2003-0721]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=
CAN-2003-0721
--------------------------------------------------------------------------
Revision History
08 Oct 2003 Initial release
--------------------------------------------------------------------------
Copyright(C) 2003 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQE/g+ZvK0LzjOqIJMwRAnH4AJ4nnmeyWCbs2M77CBMo08tKR39M7QCgsCMm
+n/1swOwlbQGo848jJYcdd8=
=4kKb
-----END PGP SIGNATURE-----