RHSA-2004:073-01 advisory describes bugs discovered by Ulf Harnhammar in versions of metamail up to 2.7. This affects at least RH73, and earlier, installations. I do not know about later distros; they may not include metamail.

Source rpm from ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/metamail-2.7-29.src.rpm recompiles "as is" and works too. A patch supplied is kind of "obvious" once you know where to look :-) and it is small wonder that such obvious bugs were not noticed for so many years.

This is remotely exploitable by sending an appropriately crafted message to a victim.

------- Additional Comments From jkeating 2004-02-18 14:09:53 ----

Michal, does this apply to RH7.2-8.0 ?

------- Additional Comments From michal 2004-02-18 14:16:25 ----

I do not know about RH8 (I do not have such installation around) but 7.2, and also 7.1, do include the same version of metamail; hence the same trouble and the same patch applies. Actually the same binaries will work through all 7.x distributions.

------- Additional Comments From bugs.michael 2004-02-18 22:14:42 ----

metamail was removed in rh80

------- Additional Comments From bugs.michael 2004-02-18 22:29:43 ----

RHEL 2.1AS erratum is a direct update of rh73's 2.7-28 package.

* missing "Buildrequires: libtermcap-devel"

------- Additional Comments From jkeating 2004-03-04 19:31:40 ----

Pushed to updates-testing. updated to metamail-2.7-29.7.x.legacy, and used for both 7.2/7.3. Identical package.

------- Additional Comments From jpdalbec 2004-03-10 07:30:05 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

++VERIFY RH 7.3

705a844d64e11e4c7d13d70e2b7957bbb403a33f  libtool-1.4.2-13.legacy.i386.rpm
815821f416de6969939854dfa1a9215a93408040  libtool-libs-1.4.2-13.legacy.i386.rpm
a27699e22525617ba294320adaa58838bb7a6535  metamail-2.7-29.7.x.legacy.i386.rpm

* ldd output matches for all packages
* metamail passes basic functional tests (mimencode, attachment extraction)

I got a strange message from metamail, but it looks like this was caused by the fact that wvHtml modifies /etc/mailcap on installation, but doesn't remove the changes on uninstallation.

metamail output:
- ---
This message contains 'application/msword'-format data.
Do you want to view it using the 'mm.dWwOqN"' command (y/n) [y] ? n
- ---
/etc/mailcap entry:
- ---
application/msword; ns="%s"; tmp=`mktemp -q /tmp/${ns}.XXXXXX`; \
/usr/bin/wvHtml "${ns}" -o ${tmp}; \
netscape "file:${tmp}"; /bin/rm -f "${tmp}"
- ---
I guess the "command" string is coming from "file:${tmp}"?

* shadow-utils RPM builds OK with new libtool package - it uses libtoolize, --mode=compile, --mode=link, and --mode=install.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAT1AUJL4A+ldA7asRAp6QAJ0Z71bfwTThwdF/3wzPgjpUoVx4UACguK+w
u8TdSM6Mbaw6iT0CG7x+m7U=
=3J6N
-----END PGP SIGNATURE-----

------- Additional Comments From michal 2004-03-10 21:35:48 ----

Do you have working /usr/bin/wvHtml? I do not think that it ever shipped as "standard" with any distribution. This is part of wvWare which you can find on Sourceforge. If such action specified in 'mailcap' fails then you see questions.

My "personal" mailcap entry for handling such attachments for a long while reads:

application/msword; antiword %s; copiousoutput

but 'antiword' is something "extra" as well.

------- Additional Comments From jpdalbec 2004-03-26 10:18:37 ----

I used to have wvHtml installed and I had my webmail software configured to use it, but too many people were bothered by the fact that large documents took a long time to convert and to render in the browser and also were not rendered accurately. I reconfigured the webmail software to serve up Word documents as-is and removed wvWare. I guess I forgot the /etc/mailcap change.

------- Additional Comments From rostetter.edu 2004-04-05 11:09:18 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

For better or worse, I installed the metamail-2.7-29.7.x.legacy on my RH 8.0 machine which uses metamail, and it is working without problem. Since it works fine on RH 8.0 when not even designed for 8.0, I'd say it is pretty stable ;) I vote to publish!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFAccpf4jZRbknHoPIRAmiqAJ95UtcQM9mm+wpVu/eWbQ3P9YMiNACcCyAz
JszLc3ewAuonrTigAHxIHg0=
=6S7r
-----END PGP SIGNATURE-----

------- Additional Comments From skvidal.edu 2004-04-30 18:26:23 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Installed on 50-100 systems. No complaints from users, performs as expected.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAkybP1Aj3x2mIbMcRAif6AKCVW+Vva5marOpReWXWUigsb9m/VACfV3TM
91e947RFXXXKeTCtfDCUbyI=
=mDot
-----END PGP SIGNATURE-----

------- Bug moved to this database by dkl 2005-03-30 18:23 -------

This bug previously known as bug 1305 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=1305
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
This bug either had no qa contact or an invalid one.