lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20041117133155.GA15546@box79162.elkhouse.de>
Date: Wed, 17 Nov 2004 14:31:55 +0100
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Subject: [USN-26-1] bogofilter vulnerability

===========================================================
Ubuntu Security Notice USN-26-1		  November 17, 2004
bogofilter vulnerability
CAN-2004-1007
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

bogofilter

The problem can be corrected by upgrading the affected package to
version 0.92.0-1ubuntu0.1.  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Antti-Juhani Kaijanaho discovered a Denial of Service vulnerability in
bogofilter. The quoted-printable decoder handled certain Base-64
encoded strings in an invalid way which caused a buffer overflow and
an immediate program abort.

The exact impact depends on the way bogofilter is integrated into the
system. In common setups, the mail that contains such malformed
headers is deferred by the mail delivery agent and remains in the
queue, where it will eventually bounce back to the sender.

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_0.92.0-1ubuntu0.1.diff.gz
      Size/MD5:     8825 09252ecd72a0d71a1f4332f5ade2f76d
    http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_0.92.0-1ubuntu0.1.dsc
      Size/MD5:      597 8b1cf3ccbb7ba6bd97d8caa5a8c48ed4
    http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_0.92.0.orig.tar.gz
      Size/MD5:   815622 e90aebf14893f2d850d2a173ea4b815d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_0.92.0-1ubuntu0.1_amd64.deb
      Size/MD5:   313446 0df2d93a5e9548407bcbda1066f1fe1a

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_0.92.0-1ubuntu0.1_i386.deb
      Size/MD5:   278344 335e6ec086e837127ce74b3b2b82c2a5

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_0.92.0-1ubuntu0.1_powerpc.deb
      Size/MD5:   303866 f78bf60dd489e4499e90f7eff208e0c6

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ