Yellow Dog Linux Security Announcement
--------------------------------------

Package:        pine
Issue Date:     January 05, 2003
Priority:       medium
Advisory ID:    YDU-20030105-2


1.  Topic:

    Updated pine packages are available.


2.  Problem:

    "Pine, developed at the University of Washington, is a tool for
    reading, sending, and managing electronic messages (including mail
    and news).

    A security problem was found in versions of Pine 4.44 and earlier.
    In these versions, Pine does not allocate enough memory for the
    parsing and escaping of the "From" header, allowing a carefully
    crafted email to cause a buffer overflow on the heap. This will
    result in Pine crashing."

    (from Red Hat advisory)


3.  Solution:

    a) Updating via apt...
    We suggest that you use the apt-get program to keep your system
    up-to-date. The following command(s) will retrieve and install the
    fixed version of this update onto your system:

        apt-get update
        apt-get install pine

    b) Updating manually...
    Download the updates below and then run the following rpm command.
    (Please use a mirror site)

        rpm -Fvh [filenames]

    ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/
    ppc/pine-4.44-1.72.2.ppc.rpm


4.  Verification

    MD5 checksum                      Package
    --------------------------------  ----------------------------
    b46e93793275c55cfd338ec8bd0dede9  ppc/pine-4.44-1.72.2.ppc.rpm
    f43f4f1fde358fb0338d2525df618789  SRPMS/pine-4.44-1.72.2.src.rpm

    If you wish to verify that each package has not been corrupted or
    tampered with, examine the md5sum with the following command:

        rpm --checksig --nogpg filename


5.  Misc.

    Terra Soft has set up a moderated mailing list where these
    security, bugfix, and package enhancement announcements will be
    posted. See http://lists.terrasoftsolutions.com/ for more
    information.

    For information regarding the usage of apt-get, see:
    http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml
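
Added example, not part of the original advisory or of Terra Soft's tooling: the checksum table in section 4 can also be compared directly against the downloaded files. The function name verify_advisory_md5, the saved table file and the flat download directory are assumptions, and the check relies on md5sum from coreutils rather than on rpm.

```shell
#!/bin/sh
# Added example: compare downloaded packages with an advisory's
# "MD5 checksum  Package" table. Names and file layout are assumptions.
#
# Usage: verify_advisory_md5 TABLE_FILE PACKAGE_DIR
# Returns 0 only if at least one row was parsed and every listed
# package is present in PACKAGE_DIR with a matching MD5 digest.
verify_advisory_md5() {
    table=$1
    dir=$2
    checked=0
    failures=0
    # "|| [ -n "$want" ]" keeps a final row that lacks a trailing newline
    while read -r want path _rest || [ -n "$want" ]; do
        # Normalise case, then accept only rows starting with 32 hex digits;
        # this skips the header, the dashed rule and any surrounding prose.
        want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
        case $want in
            *[!0-9a-f]*|'') continue ;;
        esac
        [ "${#want}" -eq 32 ] || continue
        [ -n "$path" ] || continue
        # The table lists paths such as ppc/<file>; assume a flat download dir
        file=$dir/${path##*/}
        checked=$((checked + 1))
        if [ ! -f "$file" ]; then
            echo "MISSING  $path"
            failures=$((failures + 1))
            continue
        fi
        got=$(md5sum < "$file" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK       $path"
        else
            echo "MISMATCH $path (expected $want, got $got)"
            failures=$((failures + 1))
        fi
    done < "$table"
    # An empty or unparsable table must never count as a pass
    [ "$checked" -gt 0 ] && [ "$failures" -eq 0 ]
}
```

A pass shows only that the files equal what the saved table lists, so the table itself has to come from a copy of the advisory you trust.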