Slackware: 'Pine' update fixes insecure URL-handling
Posted by LinuxSecurity.com Team   
Slackware Pine 4.44 packages are now available to fix a problem with insecure URLhandling.


Date: Sat, 12 Jan 2002 13:35:45 -0800 (PST)
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] Pine update fixes insecure URL-handling



Pine 4.44 packages are now available to fix a problem with insecure URL
handling.

Here's the information from the Slackware 8.0 ChangeLog:

Sat Jan 12 13:05:33 PST 2002
patches/packages/pine.tgz:  Fix a security problem with pine by upgrading
  to pine4.44.

  More details from the Pine Announcement List:
    This note is to announce the availability of the Pine Message System
    version 4.44. The purpose of this release is to fix a security
    bug with the treatment of quotes in the URL-handling code. The bug
    allows a malicious sender to embed commands in a URL. This bug is
    present in all versions of UNIX Pine.


We recommend upgrading Pine as soon as possible.


WHERE TO FIND THE NEW PACKAGE:
------------------------------

Updated pine package for Slackware 8.0: 
ftp://ftp.slackware.com/pub/slackware/slackware-8.0/patches/packages/pine.tgz


MD5 SIGNATURE:
--------------

Here is the md5sum for the package:

9511772027b579c1c2c542b4bb0d85da  pine.tgz


INSTALLATION INSTRUCTIONS:
--------------------------

Simply upgrade as root:

   # upgradepkg pine.tgz


Remember, it's also a good idea to backup configuration files before
upgrading packages.

- Slackware Linux Security Team
   http://www.slackware.com