Message-ID: <m1EPDaW-000ophC__2196.60343505002$1129073084$gmane$org@finlandia.Infodrom.North.DE>
Date: Tue, 11 Oct 2005 08:26:12 +0200 (CEST)
From: joey@...odrom.org (Martin Schulze)
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 861-1] New uw-imap packages fix arbitrary code execution


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 861-1                     security@...ian.org
http://www.debian.org/security/                             Martin Schulze
October 11th, 2005                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : uw-imap
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2933

"infamous41md" discovered a buffer overflow in uw-imap, the University
of Washington's IMAP server, that allows attackers to execute arbitrary
code.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in
version 2002edebian1-11sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 2002edebian1-11sarge1.

We recommend that you upgrade your uw-imap packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imap_2002edebian1-11sarge1.dsc
      Size/MD5 checksum:      785 bf3e532a78669fd66c329a46ea11809d
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imap_2002edebian1-11sarge1.diff.gz
      Size/MD5 checksum:    85400 b295b9c10972cb78f3b4d25394b4b31d
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imap_2002edebian1.orig.tar.gz
      Size/MD5 checksum:  1517069 8ff277e7831326988d0ee0bfeca7c8ff

  Architecture independent components:

    http://security.debian.org/pool/updates/main/u/uw-imap/ipopd-ssl_2002edebian1-11sarge1_all.deb
      Size/MD5 checksum:    19982 ee7e9d78916253bef43c0513b1fa2df3
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd-ssl_2002edebian1-11sarge1_all.deb
      Size/MD5 checksum:    19968 01cd3a699013ba2679af4cd4c4c97ee7

  Alpha architecture:

    http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_alpha.deb
      Size/MD5 checksum:    45316 8eff87a5d99f8514a97ba925f64cc29c
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_alpha.deb
      Size/MD5 checksum:  1400536 508b3322c04aba6a16ccd8360bcb2c8f
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_alpha.deb
      Size/MD5 checksum:   623866 007e483d0f71e26d88135ebd621cf913
    http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_alpha.deb
      Size/MD5 checksum:    26112 1512b9c49a9e67222c42e1e1a3161f62
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_alpha.deb
      Size/MD5 checksum:    76068 d3f6e63d18eee660aec45970c75a1e9f
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_alpha.deb
      Size/MD5 checksum:    50388 7915af40dc8454ed9c28b8210785b4b2

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_amd64.deb
      Size/MD5 checksum:    43842 9ee07ca885ad0a760624ee9ac3359573
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_amd64.deb
      Size/MD5 checksum:  1241462 a04eea3b29ce844bd36e882c358ec589
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_amd64.deb
      Size/MD5 checksum:   585262 43379b991740461a5247103be7bb481c
    http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_amd64.deb
      Size/MD5 checksum:    25256 b46f5e4f874df2b1c64e46d4d179753f
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_amd64.deb
      Size/MD5 checksum:    71862 9ea5e627919c4dc40db2ed70047da69c
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_amd64.deb
      Size/MD5 checksum:    47526 607377887f83ed71a87264bc85317bf3

  ARM architecture:

    http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_arm.deb
      Size/MD5 checksum:    43908 cbb7163d6976c804f7f7dde0eba82e8f
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_arm.deb
      Size/MD5 checksum:  1218296 e942c426a47bfa5fe43b269040dc259d
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_arm.deb
      Size/MD5 checksum:   572074 325eab596c707493b112c4157192fd7d
    http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_arm.deb
      Size/MD5 checksum:    25284 aeedc4004a68ceb78d705c44cce7bd2b
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_arm.deb
      Size/MD5 checksum:    71378 611cd65efdeebdc3aba327482a966109
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_arm.deb
      Size/MD5 checksum:    46240 48f471e616eb16cb6682ef206eff68b5

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_i386.deb
      Size/MD5 checksum:    42640 222b9d6cfae656aeb0995b6b742a8018
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_i386.deb
      Size/MD5 checksum:  1192272 a641726681b49cbf4a59d15a992c3307
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_i386.deb
      Size/MD5 checksum:   580390 70951fce39878d16e551d0a3d20b1396
    http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_i386.deb
      Size/MD5 checksum:    25354 f72ec8b8f6c62b1c0185582387624fd3
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_i386.deb
      Size/MD5 checksum:    69812 9f7ef54531d8a7f98302526ba0395b93
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_i386.deb
      Size/MD5 checksum:    46514 07f09150e567ab8628e66b81ac4eef45

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_ia64.deb
      Size/MD5 checksum:    49584 cf5a3f4db538e69659eba3464ded819b
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_ia64.deb
      Size/MD5 checksum:  1392282 8ad6f8db3031f8f312cdac57b423d9a6
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_ia64.deb
      Size/MD5 checksum:   692648 0b9c67065ef7dc2bd19781778df56411
    http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_ia64.deb
      Size/MD5 checksum:    26856 253449914d0ebea21699f939ea21823b
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_ia64.deb
      Size/MD5 checksum:    82692 4803d5030e4521f010e28ba0129528e0
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_ia64.deb
      Size/MD5 checksum:    57218 5015cfcc9c0a4ec7100e31c86874feb4

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_hppa.deb
      Size/MD5 checksum:    45482 e9ae3633401d343357ef2ede9b5dcfde
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_hppa.deb
      Size/MD5 checksum:  1290012 79d3092981ccf2fa5f6770e68ec494a9
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_hppa.deb
      Size/MD5 checksum:   621964 9090bf13ad38d5d2584d1a2497aa59b0
    http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_hppa.deb
      Size/MD5 checksum:    26102 6df6311df18609d071cc918568b481ec
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_hppa.deb
      Size/MD5 checksum:    74376 e6ddda3b2f8765ef20d307888da4bb79
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_hppa.deb
      Size/MD5 checksum:    48796 a16164bb8d33476cb5ab8e9bc8bd851f

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_m68k.deb
      Size/MD5 checksum:    42198 0c460fb08a6baf8597d588b06c0eb866
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_m68k.deb
      Size/MD5 checksum:  1202760 bcfd325de3b1ae80142fd40863c98480
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_m68k.deb
      Size/MD5 checksum:   557322 355de85312016eee76b442f617a1fa7b
    http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_m68k.deb
      Size/MD5 checksum:    25282 7a22722226b591ddd992b340eed62a79
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_m68k.deb
      Size/MD5 checksum:    67800 b78499f7aedee1af72a0abdce500bf1b
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_m68k.deb
      Size/MD5 checksum:    45972 6d387a13b396d2af4fb9c3a0a739e703

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_mips.deb
      Size/MD5 checksum:    45198 64a47c0e7299d4b9c2fabf9f5dbcd270
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_mips.deb
      Size/MD5 checksum:  1293040 0de4a01dd9aa001d0c9e3970add39139
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_mips.deb
      Size/MD5 checksum:   584784 b9981e6e319358c956ee8038e7ea70b5
    http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_mips.deb
      Size/MD5 checksum:    26032 91f708c3c2aaac1ff684a0067761479f
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_mips.deb
      Size/MD5 checksum:    70504 a77dc274b6df53c30e13aa54f933fda1
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_mips.deb
      Size/MD5 checksum:    51994 b03effecefe81dab0d9523bcd4d31287

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_mipsel.deb
      Size/MD5 checksum:    45138 d8319d4a2e984218582a2afcd3cd1f61
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_mipsel.deb
      Size/MD5 checksum:  1266374 12718fcede276595c4f6060adc06e50c
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_mipsel.deb
      Size/MD5 checksum:   584592 574d31724a1022e62a4c4954c4744b4b
    http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_mipsel.deb
      Size/MD5 checksum:    26024 60437f28a8d255810fc33b215fe124ca
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_mipsel.deb
      Size/MD5 checksum:    70396 8b11bea999587f10987960d36d122739
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_mipsel.deb
      Size/MD5 checksum:    52042 7f1f9bd83e7e82f3e3df8ae0a505f222

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_powerpc.deb
      Size/MD5 checksum:    44714 3be1ef718719a94a9755ac2492bf4736
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_powerpc.deb
      Size/MD5 checksum:  1367392 5140873290e9c5eceeb81adb45b4cfbe
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_powerpc.deb
      Size/MD5 checksum:   584320 b249e6621e1b6835eb2d19c5307706ed
    http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_powerpc.deb
      Size/MD5 checksum:    25724 ad84786248356abddf83822e32fad4e1
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_powerpc.deb
      Size/MD5 checksum:    70054 3b49efb35b29fe1383d77acc99e77220
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_powerpc.deb
      Size/MD5 checksum:    49518 16be979ed27da72276922377cfe4e63f

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_s390.deb
      Size/MD5 checksum:    45220 f0f89e4980b1ae8d016a18a4465d5daa
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_s390.deb
      Size/MD5 checksum:  1605558 ab2145e4e5ed815eac6b535ed852a075
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_s390.deb
      Size/MD5 checksum:   598718 d65ae25a64e58b9657e4d289c426aa8d
    http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_s390.deb
      Size/MD5 checksum:    25794 5958825b0b8f38b1768c0172d70f7a92
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_s390.deb
      Size/MD5 checksum:    73032 7c90176a07024e8d4103b3c53da66d7c
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_s390.deb
      Size/MD5 checksum:    48286 d0b533d1d55562880e2830e6d9840b97

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_sparc.deb
      Size/MD5 checksum:    43512 2769984cb6ade49615903339399f76fc
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_sparc.deb
      Size/MD5 checksum:  1230520 b2fb2513b5a3e244c8dcddfc0e944c59
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_sparc.deb
      Size/MD5 checksum:   578812 1e99dac1bb48e24cc2dfc68e32be3a0b
    http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_sparc.deb
      Size/MD5 checksum:    25348 b763253c4b4767fcfffcefea7f708245
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_sparc.deb
      Size/MD5 checksum:    71438 a9f91e6c21f28a5a2ff630913d85a2aa
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_sparc.deb
      Size/MD5 checksum:    46204 bc1f2368bfddcde27cc20ee264234122


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDS1sDW5ql+IAeqTIRAk+oAJ4uTsc2Qld/uc0Zsy9KNQE6qiqr3wCfck2O
b3NCzziKDwQTeGXHcBRTEuw=
=u0R4
-----END PGP SIGNATURE-----
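
An added example, not part of the original advisory: a shell function that checks downloaded files against the "Size/MD5 checksum" entries in the listing above before dpkg -i is run. It assumes the advisory text was saved to a file and that GNU md5sum is available; the function name verify_dsa_files is hypothetical.

```shell
#!/bin/sh
# Added example: compare downloaded packages with the "Size/MD5 checksum"
# entries of a saved advisory before installing them.
# The listed checksums are only as trustworthy as the advisory itself, so
# check its PGP signature first (gpg --verify on the saved message).

# verify_dsa_files ADVISORY DIR
# Prints one OK/FAIL line per listed file that exists in DIR. Returns 0 only
# when at least one file was checked and every checked file matched.
verify_dsa_files() {
    advisory=$1 dir=$2 checked=0 failed=0 name=
    while read -r first second third fourth; do
        case $first in
            http://*|https://*|ftp://*)
                name=${first##*/}      # file name is the last URL component
                continue ;;
        esac
        # Entry format: "Size/MD5 checksum: <size> <md5>" after a URL line
        if [ "$first" = "Size/MD5" ] && [ -n "$name" ]; then
            want_size=$third want_md5=$fourth file=$dir/$name
            name=
            [ -f "$file" ] || continue # not downloaded, e.g. other architecture
            checked=$((checked + 1))
            got_size=$(wc -c < "$file" | tr -d ' ')
            got_md5=$(md5sum < "$file" | cut -d' ' -f1)
            if [ "$got_size" = "$want_size" ] && [ "$got_md5" = "$want_md5" ]; then
                echo "OK   $file"
            else
                echo "FAIL $file (size $got_size, md5 $got_md5)"
                failed=$((failed + 1))
            fi
        fi
    done < "$advisory"
    [ "$checked" -gt 0 ] && [ "$failed" -eq 0 ]
}
```

Run it from the download directory with the saved advisory as the first argument and the directory as the second, and continue to dpkg -i only when it returns 0. A non-zero return also covers the case where none of the listed files were found.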


