Slackware: 'Pine' update fixes insecure URL-handling
Summary
Where Find New Packages
MD5 Signatures
Installation Instructions
Date: Sat, 12 Jan 2002 13:35:45 -0800 (PST) From: Slackware Security Team <security@slackware.com> To: slackware-security@slackware.com Subject: [slackware-security] Pine update fixes insecure URL-handling Pine 4.44 packages are now available to fix a problem with insecure URL handling. Here's the information from the Slackware 8.0 ChangeLog: Sat Jan 12 13:05:33 PST 2002 patches/packages/pine.tgz: Fix a security problem with pine by upgrading to pine4.44. More details from the Pine Announcement List: This note is to announce the availability of the Pine Message System version 4.44. The purpose of this release is to fix a security bug with the treatment of quotes in the URL-handling code. The bug allows a malicious sender to embed commands in a URL. This bug is present in all versions of UNIX Pine. We recommend upgrading Pine as soon as possible. WHERE TO FIND THE NEW PACKAGE: ------------------------------ Updated pine package for Slackware 8.0: MD5 SIGNATURE: -------------- Here is the md5sum for the package: 9511772027b579c1c2c542b4bb0d85da pine.tgz INSTALLATION INSTRUCTIONS: -------------------------- Simply upgrade as root: # upgradepkg pine.tgz Remember, it's also a good idea to backup configuration files before upgrading packages. - Slackware Linux Security Team The Slackware Linux Project