Date: Thu, 23 Mar 2000 15:45:19 +0100 From: Gael Duval <gduval@mandrakesoft.com> To: lwn-mandrake-security@lwn.net Subject: [Fwd: SECURITY UPDATE: nmh] Hello, the nmh package contains a security bug in MIME headers parsing which can be exploited to trick mhshow into executing arbitrary shell code. Affected versions: 6.0, 6.1, 7.0 Please upgrade to nmh-1.0.3-1mdk.i586.rpm. Mandrake 6.0 (Venus) 809fd59b163f6e3b0bdc87b8478dc4df nmh-1.0.3-1mdk.i586.rpm b5190bc06739bfd37838b767f61f4448 nmh-1.0.3-1mdk.src.rpm Mandrake 6.1 (Helios) dc8da8edb4c04dfaa9a7cbe30172d2c7 nmh-1.0.3-1mdk.i586.rpm b5190bc06739bfd37838b767f61f4448 nmh-1.0.3-1mdk.src.rpm Mandrake 7.0 (Air) ff810f1aa01ebf1e3b272c1834f544aa nmh-1.0.3-1mdk.i586.rpm b5190bc06739bfd37838b767f61f4448 nmh-1.0.3-1mdk.src.rpm