lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050826135447.GA21998@piware.de>
Date: Fri, 26 Aug 2005 15:54:47 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-174-1] courier vulnerability

===========================================================
Ubuntu Security Notice USN-174-1	    August 26, 2005
courier vulnerability
CAN-2005-2151
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

courier-base

The problem can be corrected by upgrading the affected package to
version 0.47-3ubuntu1.1. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

A Denial of Service vulnerability has been discovered in the Courier
mail server. Due to a flawed status code check, failed DNS (domain
name service) queries for SPF (sender policy framework) were not
handled properly and could lead to memory corruption. A malicious DNS
server could exploit this to crash the Courier server.

However, SPF is not enabled by default, so you are only vulnerable if
you explicitly enabled it.

The Ubuntu 4.10 version of courier is not affected by this.

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier_0.47-3ubuntu1.1.diff.gz
      Size/MD5:   106779 1a9b25b9a8a00e3ef25cdb0f246913bb
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier_0.47-3ubuntu1.1.dsc
      Size/MD5:     1204 b597835faf1ace190efe31862e565f14
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier_0.47.orig.tar.gz
      Size/MD5:  6350808 361a84e497148ce557c150d3576ec24b

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-doc_0.47-3ubuntu1.1_all.deb
      Size/MD5:   370214 2f491d963cff6f0443e7a386a314e5fb

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-authdaemon_0.47-3ubuntu1.1_amd64.deb
      Size/MD5:    61876 de263d02b5f22d28e544d7c44a7fd0fa
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-authmysql_0.47-3ubuntu1.1_amd64.deb
      Size/MD5:    56580 84732b3212841e6f8287725e66546532
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-authpostgresql_0.47-3ubuntu1.1_amd64.deb
      Size/MD5:    56790 36f6d95274da8147ef602bb529165f15
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-base_0.47-3ubuntu1.1_amd64.deb
      Size/MD5:   256868 a5b6772fc595d5fb405ec58cc3836343
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-faxmail_0.47-3ubuntu1.1_amd64.deb
      Size/MD5:    28430 10628e477c7e9f5d9d88b4c540a8fd67
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-imap-ssl_3.0.8-3ubuntu1.1_amd64.deb
      Size/MD5:    20988 1cd30b0c20a1c49b6662251954b17edf
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-imap_3.0.8-3ubuntu1.1_amd64.deb
      Size/MD5:   950426 8c1b21e6e28eb4de46d6ceb0d7febb4c
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-ldap_0.47-3ubuntu1.1_amd64.deb
      Size/MD5:    73698 4f6c8fbbdce0cf96eadb8367d196b581
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-maildrop_0.47-3ubuntu1.1_amd64.deb
      Size/MD5:   942982 d5960e61994809c9e3affc3e42b4014b
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-mlm_0.47-3ubuntu1.1_amd64.deb
      Size/MD5:   122324 c228b012609b35efd9c073b82953409a
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-mta-ssl_0.47-3ubuntu1.1_amd64.deb
      Size/MD5:    19000 2d56a63f0560bae92d9a3ce437ec40e7
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-mta_0.47-3ubuntu1.1_amd64.deb
      Size/MD5:  2157216 b8bb4e90aa5aa42fea1e3bdc48ac0683
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-pcp_0.47-3ubuntu1.1_amd64.deb
      Size/MD5:    66194 487ff885cb1958bf6be0bc6194a653be
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-pop-ssl_0.47-3ubuntu1.1_amd64.deb
      Size/MD5:    20792 d65da48fead292db9dcd7b76d5258e1d
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-pop_0.47-3ubuntu1.1_amd64.deb
      Size/MD5:   422972 0e9ba8bb27a01c8bed8af314d2798f12
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-ssl_0.47-3ubuntu1.1_amd64.deb
      Size/MD5:   195262 c857932ff7bd5d9d89b87bb8ff2ba3d2
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-webadmin_0.47-3ubuntu1.1_amd64.deb
      Size/MD5:    34116 ef1b279b0a81defbe3a6987f323bd4c7
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/sqwebmail_0.47-3ubuntu1.1_amd64.deb
      Size/MD5:   797796 7947a2d059a1477c45d7f8267e5a27c8

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-authdaemon_0.47-3ubuntu1.1_i386.deb
      Size/MD5:    55720 b29081bd370dc167bd49bb777577ce07
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-authmysql_0.47-3ubuntu1.1_i386.deb
      Size/MD5:    51706 181aa889862179da1b102c24e417a605
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-authpostgresql_0.47-3ubuntu1.1_i386.deb
      Size/MD5:    51808 020ba1b7d33cf285d113565a60c0c9a7
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-base_0.47-3ubuntu1.1_i386.deb
      Size/MD5:   233042 db4f3db33ee426d07efb9e26464ea8a4
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-faxmail_0.47-3ubuntu1.1_i386.deb
      Size/MD5:    28440 f2f30753cd5b77ca443dd609bf4b6640
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-imap-ssl_3.0.8-3ubuntu1.1_i386.deb
      Size/MD5:    21000 91262b5dd89d2f2e2c3c6b8f3ca9b3ee
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-imap_3.0.8-3ubuntu1.1_i386.deb
      Size/MD5:   925154 a19438bf0affca4f39e4834144ce6f57
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-ldap_0.47-3ubuntu1.1_i386.deb
      Size/MD5:    67124 45d40251a45b6e1eb022c07a5c0ac96c
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-maildrop_0.47-3ubuntu1.1_i386.deb
      Size/MD5:   916614 e2ae94557cc43a0fccfdede6b494847f
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-mlm_0.47-3ubuntu1.1_i386.deb
      Size/MD5:   117024 7e13101fce208ee36ad295cc96f58b8c
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-mta-ssl_0.47-3ubuntu1.1_i386.deb
      Size/MD5:    19000 6b98ae4bf01a0b755ce36ee8450df913
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-mta_0.47-3ubuntu1.1_i386.deb
      Size/MD5:  2051398 54785d8358798e01c1e7cd75a0179f87
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-pcp_0.47-3ubuntu1.1_i386.deb
      Size/MD5:    59412 659165ad7435919cae62087ea67a61c8
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-pop-ssl_0.47-3ubuntu1.1_i386.deb
      Size/MD5:    20798 a8511ba4003d0a98910780f9c6a81b51
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-pop_0.47-3ubuntu1.1_i386.deb
      Size/MD5:   414710 0661fbb59d4822bbaa89cd76ed0faec3
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-ssl_0.47-3ubuntu1.1_i386.deb
      Size/MD5:   191648 703725b68576be2e0e2dde7365c89b56
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-webadmin_0.47-3ubuntu1.1_i386.deb
      Size/MD5:    33930 a3ba2eafbada47a29bbbe0c348abcb4f
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/sqwebmail_0.47-3ubuntu1.1_i386.deb
      Size/MD5:   764474 77a7807c6dc4b29c65226b4116a0ab60

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-authdaemon_0.47-3ubuntu1.1_powerpc.deb
      Size/MD5:    62180 026f930d9aeda05abe3c96c4a5134576
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-authmysql_0.47-3ubuntu1.1_powerpc.deb
      Size/MD5:    57404 eaf62404759ff0a9b51aec53085c5937
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-authpostgresql_0.47-3ubuntu1.1_powerpc.deb
      Size/MD5:    57596 8263e0f917a29040aefc369b6d03dee0
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-base_0.47-3ubuntu1.1_powerpc.deb
      Size/MD5:   251108 002164890ff6fa38aa38250769f6e865
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-faxmail_0.47-3ubuntu1.1_powerpc.deb
      Size/MD5:    28440 64937b2ca6bfd5ea6991f20b1643e08c
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-imap-ssl_3.0.8-3ubuntu1.1_powerpc.deb
      Size/MD5:    21002 bff8911a3e3f3a170af82e0bf6b4d3d4
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-imap_3.0.8-3ubuntu1.1_powerpc.deb
      Size/MD5:  1066812 d89d19a6f329b0616cc11fa5cb50493d
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-ldap_0.47-3ubuntu1.1_powerpc.deb
      Size/MD5:    74626 0c9d8caf59d0690736c5cb78d86c4736
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-maildrop_0.47-3ubuntu1.1_powerpc.deb
      Size/MD5:  1059480 e526ec1ecbc8450f04f01570a94fc6e2
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-mlm_0.47-3ubuntu1.1_powerpc.deb
      Size/MD5:   128576 1e5ebe65797acf318b908d97ce72e598
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-mta-ssl_0.47-3ubuntu1.1_powerpc.deb
      Size/MD5:    19004 cfe16a1f74132bde222846531c846627
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-mta_0.47-3ubuntu1.1_powerpc.deb
      Size/MD5:  2381060 51e095bc967480104ae0eed642f0bbcc
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-pcp_0.47-3ubuntu1.1_powerpc.deb
      Size/MD5:    66298 73ae71988e6f4eac389849f2ccc93928
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-pop-ssl_0.47-3ubuntu1.1_powerpc.deb
      Size/MD5:    20794 fbc719659328c0364592cdb053c307e4
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-pop_0.47-3ubuntu1.1_powerpc.deb
      Size/MD5:   478786 ec23e9d7a4ec7a3147ed5ee3dd56d1c9
    http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-ssl_0.47-3ubuntu1.1_powerpc.deb
      Size/MD5:   196272 d0f53bb2e6e062953614af0c8b9c8c29
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-webadmin_0.47-3ubuntu1.1_powerpc.deb
      Size/MD5:    34308 eca6058c39efaca3b818cd826e768782
    http://security.ubuntu.com/ubuntu/pool/universe/c/courier/sqwebmail_0.47-3ubuntu1.1_powerpc.deb
      Size/MD5:   860430 5f8aecef0639b6be5738509811f8de29

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ