Users will have to update their systems in order to correct the problem

Sep 8, 2014 19:55 GMT

Canonical has published a security notice detailing a procmail vulnerability that was found and fixed in the Ubuntu 14.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 10.04 LTS operating systems.

The Ubuntu developers have fixed a small procmail vulnerability. Apparently, formail could have been made to crash or run programs if it processed specially crafted mail.

According to the security notice, “Tavis Ormandy discovered that the formail tool incorrectly handled certain malformed mail headers. An attacker could use this flaw to cause formail to crash, resulting in a denial of service, or possibly execute arbitrary code.”

For a more detailed description of the problems, you can see Canonical's security notification. Users should upgrade their Linux distribution in order to correct this issue.

The flaw can be fixed if you upgrade your system(s) to the latest procmail package specific to each distribution. To apply the patch, you can simply run the Update Manager application.

If you don't want to use the Software Updater, you can open a terminal and enter the following commands (you will need to be root):

    sudo apt-get update
    sudo apt-get dist-upgrade

In general, a standard system update will make all the necessary changes. You won't have to restart the PC in order to implement this fix.
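
After running the update commands above, you can confirm that procmail no longer has a pending update. The script below is an added example, not part of the original article or of Canonical's notice; the function names are hypothetical and the version strings in the sample are constructed placeholders, not the fixed versions.

```shell
#!/bin/sh
# Added example (not from the article or the security notice).
# Function names are hypothetical; version strings are placeholders.

# Read `apt-cache policy <pkg>` output on stdin and print one of:
#   not-installed | pending | current
policy_status() {
    awk '
        $1 == "Installed:" { inst = $2 }
        $1 == "Candidate:" { cand = $2 }
        END {
            if (inst == "" || inst == "(none)") print "not-installed"
            else if (inst != cand)              print "pending"
            else                                print "current"
        }'
}

# Constructed sample of the policy output for a host that has not yet
# installed the update.
sample_pending() {
    cat <<'EOF'
procmail:
  Installed: 0.0-placeholder1
  Candidate: 0.0-placeholder2
  Version table:
EOF
}

# Check the live system. "current" only means no newer package is
# visible in the configured repositories, so run apt-get update first.
# Optional $1: the fixed version listed in the security notice for your
# release, compared with dpkg --compare-versions.
check_procmail() {
    status=$(apt-cache policy procmail | policy_status)
    echo "procmail: $status"
    case "$status" in
        not-installed) return 0 ;;
        pending)       return 1 ;;
    esac
    if [ -n "${1:-}" ]; then
        inst=$(dpkg-query -W -f='${Version}' procmail)
        dpkg --compare-versions "$inst" ge "$1" || return 1
        echo "installed $inst is at or above $1"
    fi
}

# Run only when asked, e.g.: sh check.sh --check <fixed-version>
if [ "${1:-}" = "--check" ]; then check_procmail "${2:-}"; fi
```

A non-zero exit status means the host still needs the procmail update or is below the version you supplied.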