Pan is a Gnome/GTK+ newsreader.
A bug in Pan versions prior to 0.13.4 can cause Pan to crash when parsing
an article header containing a very long author email address. This bug
causes a denial of service (crash), but cannot be exploited further. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0855 to this issue.
Users of Pan are advised to upgrade to these erratum packages, which
contain a backported patch correcting this issue.
Red Hat would like to thank Kasper Dupont for alerting us to this issue and
to Charles Kerr for providing the patch.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | i386 | pan | < 0.9.7-3 | pan-0.9.7-3.i386.rpm |
RedHat | any | ia64 | pan | < 0.9.7-3 | pan-0.9.7-3.ia64.rpm |