lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <m1EPDaW-000ophC__2196.60343505002$1129073084$gmane$org@finlandia.Infodrom.North.DE> Date: Tue, 11 Oct 2005 08:26:12 +0200 (CEST) From: joey@...odrom.org (Martin Schulze) To: bugtraq@...urityfocus.com Subject: [SECURITY] [DSA 861-1] New uw-imap packages fix arbitrary code execution -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 861-1 security@...ian.org http://www.debian.org/security/ Martin Schulze October 11th, 2005 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : uw-imap Vulnerability : buffer overflow Problem type : remote Debian-specific: no CVE ID : CAN-2005-2933 "infamous41md" discovered a buffer overflow in uw-imap, the University of Washington's IMAP Server that allows attackers to execute arbitrary code. The old stable distribution (woody) is not affected by this problem. For the stable distribution (sarge) this problem has been fixed in version 2002edebian1-11sarge1. For the unstable distribution (sid) this problem has been fixed in version 2002edebian1-11sarge1. We recommend that you upgrade your uw-imap packages. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/u/uw-imap/uw-imap_2002edebian1-11sarge1.dsc Size/MD5 checksum: 785 bf3e532a78669fd66c329a46ea11809d http://security.debian.org/pool/updates/main/u/uw-imap/uw-imap_2002edebian1-11sarge1.diff.gz Size/MD5 checksum: 85400 b295b9c10972cb78f3b4d25394b4b31d http://security.debian.org/pool/updates/main/u/uw-imap/uw-imap_2002edebian1.orig.tar.gz Size/MD5 checksum: 1517069 8ff277e7831326988d0ee0bfeca7c8ff Architecture independent components: http://security.debian.org/pool/updates/main/u/uw-imap/ipopd-ssl_2002edebian1-11sarge1_all.deb Size/MD5 checksum: 19982 ee7e9d78916253bef43c0513b1fa2df3 http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd-ssl_2002edebian1-11sarge1_all.deb Size/MD5 checksum: 19968 01cd3a699013ba2679af4cd4c4c97ee7 Alpha architecture: http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_alpha.deb Size/MD5 checksum: 45316 8eff87a5d99f8514a97ba925f64cc29c http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_alpha.deb Size/MD5 checksum: 1400536 508b3322c04aba6a16ccd8360bcb2c8f http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_alpha.deb Size/MD5 checksum: 623866 007e483d0f71e26d88135ebd621cf913 http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_alpha.deb Size/MD5 checksum: 26112 1512b9c49a9e67222c42e1e1a3161f62 http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_alpha.deb Size/MD5 checksum: 76068 d3f6e63d18eee660aec45970c75a1e9f http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_alpha.deb Size/MD5 checksum: 50388 7915af40dc8454ed9c28b8210785b4b2 AMD64 architecture: http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_amd64.deb Size/MD5 checksum: 43842 9ee07ca885ad0a760624ee9ac3359573 http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_amd64.deb Size/MD5 checksum: 1241462 a04eea3b29ce844bd36e882c358ec589 http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_amd64.deb Size/MD5 checksum: 585262 43379b991740461a5247103be7bb481c http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_amd64.deb Size/MD5 checksum: 25256 b46f5e4f874df2b1c64e46d4d179753f http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_amd64.deb Size/MD5 checksum: 71862 9ea5e627919c4dc40db2ed70047da69c http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_amd64.deb Size/MD5 checksum: 47526 607377887f83ed71a87264bc85317bf3 ARM architecture: http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_arm.deb Size/MD5 checksum: 43908 cbb7163d6976c804f7f7dde0eba82e8f http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_arm.deb Size/MD5 checksum: 1218296 e942c426a47bfa5fe43b269040dc259d http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_arm.deb Size/MD5 checksum: 572074 325eab596c707493b112c4157192fd7d http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_arm.deb Size/MD5 checksum: 25284 aeedc4004a68ceb78d705c44cce7bd2b http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_arm.deb Size/MD5 checksum: 71378 611cd65efdeebdc3aba327482a966109 http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_arm.deb Size/MD5 checksum: 46240 48f471e616eb16cb6682ef206eff68b5 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_i386.deb Size/MD5 checksum: 42640 222b9d6cfae656aeb0995b6b742a8018 http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_i386.deb Size/MD5 checksum: 1192272 a641726681b49cbf4a59d15a992c3307 http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_i386.deb Size/MD5 checksum: 580390 70951fce39878d16e551d0a3d20b1396 http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_i386.deb Size/MD5 checksum: 25354 f72ec8b8f6c62b1c0185582387624fd3 http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_i386.deb Size/MD5 checksum: 69812 9f7ef54531d8a7f98302526ba0395b93 http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_i386.deb Size/MD5 checksum: 46514 07f09150e567ab8628e66b81ac4eef45 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_ia64.deb Size/MD5 checksum: 49584 cf5a3f4db538e69659eba3464ded819b http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_ia64.deb Size/MD5 checksum: 1392282 8ad6f8db3031f8f312cdac57b423d9a6 http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_ia64.deb Size/MD5 checksum: 692648 0b9c67065ef7dc2bd19781778df56411 http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_ia64.deb Size/MD5 checksum: 26856 253449914d0ebea21699f939ea21823b http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_ia64.deb Size/MD5 checksum: 82692 4803d5030e4521f010e28ba0129528e0 http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_ia64.deb Size/MD5 checksum: 57218 5015cfcc9c0a4ec7100e31c86874feb4 HP Precision architecture: http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_hppa.deb Size/MD5 checksum: 45482 e9ae3633401d343357ef2ede9b5dcfde http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_hppa.deb Size/MD5 checksum: 1290012 79d3092981ccf2fa5f6770e68ec494a9 http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_hppa.deb Size/MD5 checksum: 621964 9090bf13ad38d5d2584d1a2497aa59b0 http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_hppa.deb Size/MD5 checksum: 26102 6df6311df18609d071cc918568b481ec http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_hppa.deb Size/MD5 checksum: 74376 e6ddda3b2f8765ef20d307888da4bb79 http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_hppa.deb Size/MD5 checksum: 48796 a16164bb8d33476cb5ab8e9bc8bd851f Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_m68k.deb Size/MD5 checksum: 42198 0c460fb08a6baf8597d588b06c0eb866 http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_m68k.deb Size/MD5 checksum: 1202760 bcfd325de3b1ae80142fd40863c98480 http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_m68k.deb Size/MD5 checksum: 557322 355de85312016eee76b442f617a1fa7b http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_m68k.deb Size/MD5 checksum: 25282 7a22722226b591ddd992b340eed62a79 http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_m68k.deb Size/MD5 checksum: 67800 b78499f7aedee1af72a0abdce500bf1b http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_m68k.deb Size/MD5 checksum: 45972 6d387a13b396d2af4fb9c3a0a739e703 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_mips.deb Size/MD5 checksum: 45198 64a47c0e7299d4b9c2fabf9f5dbcd270 http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_mips.deb Size/MD5 checksum: 1293040 0de4a01dd9aa001d0c9e3970add39139 http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_mips.deb Size/MD5 checksum: 584784 b9981e6e319358c956ee8038e7ea70b5 http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_mips.deb Size/MD5 checksum: 26032 91f708c3c2aaac1ff684a0067761479f http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_mips.deb Size/MD5 checksum: 70504 a77dc274b6df53c30e13aa54f933fda1 http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_mips.deb Size/MD5 checksum: 51994 b03effecefe81dab0d9523bcd4d31287 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_mipsel.deb Size/MD5 checksum: 45138 d8319d4a2e984218582a2afcd3cd1f61 http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_mipsel.deb Size/MD5 checksum: 1266374 12718fcede276595c4f6060adc06e50c http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_mipsel.deb Size/MD5 checksum: 584592 574d31724a1022e62a4c4954c4744b4b http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_mipsel.deb Size/MD5 checksum: 26024 60437f28a8d255810fc33b215fe124ca http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_mipsel.deb Size/MD5 checksum: 70396 8b11bea999587f10987960d36d122739 http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_mipsel.deb Size/MD5 checksum: 52042 7f1f9bd83e7e82f3e3df8ae0a505f222 PowerPC architecture: http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_powerpc.deb Size/MD5 checksum: 44714 3be1ef718719a94a9755ac2492bf4736 http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_powerpc.deb Size/MD5 checksum: 1367392 5140873290e9c5eceeb81adb45b4cfbe http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_powerpc.deb Size/MD5 checksum: 584320 b249e6621e1b6835eb2d19c5307706ed http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_powerpc.deb Size/MD5 checksum: 25724 ad84786248356abddf83822e32fad4e1 http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_powerpc.deb Size/MD5 checksum: 70054 3b49efb35b29fe1383d77acc99e77220 http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_powerpc.deb Size/MD5 checksum: 49518 16be979ed27da72276922377cfe4e63f IBM S/390 architecture: http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_s390.deb Size/MD5 checksum: 45220 f0f89e4980b1ae8d016a18a4465d5daa http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_s390.deb Size/MD5 checksum: 1605558 ab2145e4e5ed815eac6b535ed852a075 http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_s390.deb Size/MD5 checksum: 598718 d65ae25a64e58b9657e4d289c426aa8d http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_s390.deb Size/MD5 checksum: 25794 5958825b0b8f38b1768c0172d70f7a92 http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_s390.deb Size/MD5 checksum: 73032 7c90176a07024e8d4103b3c53da66d7c http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_s390.deb Size/MD5 checksum: 48286 d0b533d1d55562880e2830e6d9840b97 Sun Sparc architecture: http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_sparc.deb Size/MD5 checksum: 43512 2769984cb6ade49615903339399f76fc http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_sparc.deb Size/MD5 checksum: 1230520 b2fb2513b5a3e244c8dcddfc0e944c59 http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_sparc.deb Size/MD5 checksum: 578812 1e99dac1bb48e24cc2dfc68e32be3a0b http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_sparc.deb Size/MD5 checksum: 25348 b763253c4b4767fcfffcefea7f708245 http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_sparc.deb Size/MD5 checksum: 71438 a9f91e6c21f28a5a2ff630913d85a2aa http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_sparc.deb Size/MD5 checksum: 46204 bc1f2368bfddcde27cc20ee264234122 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@...ts.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFDS1sDW5ql+IAeqTIRAk+oAJ4uTsc2Qld/uc0Zsy9KNQE6qiqr3wCfck2O b3NCzziKDwQTeGXHcBRTEuw= =u0R4 -----END PGP SIGNATURE-----