|
|
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] Pine update fixes insecure URL-handling
Date: Sat, 12 Jan 2002 13:35:45 -0800 (PST) |
|
Pine 4.44 packages are now available to fix a problem with insecure URL
handling.
Here's the information from the Slackware 8.0 ChangeLog:
Sat Jan 12 13:05:33 PST 2002
patches/packages/pine.tgz: Fix a security problem with pine by upgrading
to pine4.44.
More details from the Pine Announcement List:
This note is to announce the availability of the Pine Message System
version 4.44. The purpose of this release is to fix a security
bug with the treatment of quotes in the URL-handling code. The bug
allows a malicious sender to embed commands in a URL. This bug is
present in all versions of UNIX Pine.
We recommend upgrading Pine as soon as possible.
WHERE TO FIND THE NEW PACKAGE:
------------------------------
Updated pine package for Slackware 8.0:
ftp://ftp.slackware.com/pub/slackware/slackware-8.0/patches/packages/pine.tgz
MD5 SIGNATURE:
--------------
Here is the md5sum for the package:
9511772027b579c1c2c542b4bb0d85da pine.tgz
INSTALLATION INSTRUCTIONS:
--------------------------
Simply upgrade as root:
# upgradepkg pine.tgz
Remember, it's also a good idea to backup configuration files before
upgrading packages.
- Slackware Linux Security Team
http://www.slackware.com
+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back. Follow the instructions to |
| complete the unsubscription. Do not reply to this message to |
| unsubscribe! |
+------------------------------------------------------------------------+
|
| |