ALAS-2018-1084


Amazon Linux AMI Security Advisory: ALAS-2018-1084
Advisory Release Date: 2018-09-19 23:36 Pacific
Severity: Important
References: CVE-2017-16844 

Issue Overview:

A heap-based buffer overflow flaw was found in procmail's formail utility. A remote attacker could send a specially crafted email that, when processed by formail, could cause formail to crash or, possibly, execute arbitrary code as the user running formail.(CVE-2017-16844 )


Affected Packages:

procmail


Issue Correction:
Run yum update procmail to update your system.

New Packages:
i686:
    procmail-3.22-25.1.7.amzn1.i686
    procmail-debuginfo-3.22-25.1.7.amzn1.i686

src:
    procmail-3.22-25.1.7.amzn1.src

x86_64:
    procmail-debuginfo-3.22-25.1.7.amzn1.x86_64
    procmail-3.22-25.1.7.amzn1.x86_64