Slackware Security Advisories
Slackware Logo

News

Security Advisories

FAQ

Book

General Info

Get Slack

Install Help

Configuration

Packages

ChangeLogs

Propaganda

Ports

Other Sites

Support

Contact

Mailing Lists

About

 
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] Pine update fixes insecure URL-handling
Date: Sat, 12 Jan 2002 13:35:45 -0800 (PST)

Pine 4.44 packages are now available to fix a problem with insecure URL
handling.

Here's the information from the Slackware 8.0 ChangeLog:

Sat Jan 12 13:05:33 PST 2002
patches/packages/pine.tgz:  Fix a security problem with pine by upgrading
  to pine4.44.

  More details from the Pine Announcement List:
    This note is to announce the availability of the Pine Message System
    version 4.44. The purpose of this release is to fix a security
    bug with the treatment of quotes in the URL-handling code. The bug
    allows a malicious sender to embed commands in a URL. This bug is
    present in all versions of UNIX Pine.


We recommend upgrading Pine as soon as possible.


WHERE TO FIND THE NEW PACKAGE:
------------------------------

Updated pine package for Slackware 8.0:
ftp://ftp.slackware.com/pub/slackware/slackware-8.0/patches/packages/pine.tgz


MD5 SIGNATURE:
--------------

Here is the md5sum for the package:

9511772027b579c1c2c542b4bb0d85da  pine.tgz


INSTALLATION INSTRUCTIONS:
--------------------------

Simply upgrade as root:

   # upgradepkg pine.tgz


Remember, it's also a good idea to backup configuration files before
upgrading packages.

- Slackware Linux Security Team
  http://www.slackware.com


+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST:                         |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back.  Follow the instructions to  |
| complete the unsubscription.  Do not reply to this message to          |
| unsubscribe!                                                           |
+------------------------------------------------------------------------+


Slackware® is a registered trademark of Slackware Linux, Inc. All logos and graphics are copyrighted.