lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20050726103832.GA10622@piware.de> Date: Tue Jul 26 11:38:50 2005 From: martin.pitt at canonical.com (Martin Pitt) Subject: [USN-153-1] fetchmail vulnerability =========================================================== Ubuntu Security Notice USN-153-1 July 26, 2005 fetchmail vulnerability CAN-2005-2335 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: fetchmail The problem can be corrected by upgrading the affected package to version 6.2.5-8ubuntu2.1 (for Ubuntu 4.10), or 6.2.5-12ubuntu1.1 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Ross Boylan discovered a remote buffer overflow in fetchmail. By sending invalid responses with very long UIDs, a faulty or malicious POP server could crash fetchmail or execute arbitrary code with the privileges of the user invoking fetchmail. fetchmail is commonly run as root to fetch mail for multiple user accounts; in this case, this vulnerability could be exploited to compromise the whole system. Updated packages for Ubuntu 4.10 (Warty Warthog): Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-8ubuntu2.1.diff.gz Size/MD5: 136209 d982f973b3675ce97816a2f551e63996 http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-8ubuntu2.1.dsc Size/MD5: 639 5f2255e5e60e93b117686154bd748329 http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5.orig.tar.gz Size/MD5: 1257376 9956b30139edaa4f5f77c4d0dbd80225 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/f/fetchmail/fetchmailconf_6.2.5-8ubuntu2.1_all.deb Size/MD5: 101418 a4ffcc8ebdb17707de6369db25ea7e52 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-8ubuntu2.1_amd64.deb Size/MD5: 555560 0b695cf0702e535bb8146bec44f5f13c i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-8ubuntu2.1_i386.deb Size/MD5: 546196 1455931de7ac299e5b8b1ff3c0763493 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-8ubuntu2.1_powerpc.deb Size/MD5: 556014 b48d28fec277b18a0e52738901461c18 Updated packages for Ubuntu 5.04 (Hoary Hedgehog): Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-12ubuntu1.1.diff.gz Size/MD5: 150286 b30b78bd0affc998fe6d9a192902e766 http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-12ubuntu1.1.dsc Size/MD5: 656 3a3527e59e6402ac8800491a675f4f70 http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5.orig.tar.gz Size/MD5: 1257376 9956b30139edaa4f5f77c4d0dbd80225 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/f/fetchmail/fetchmail-ssl_6.2.5-12ubuntu1.1_all.deb Size/MD5: 42260 dfc95a76d0f6716d7f6bbefcaf0bd071 http://security.ubuntu.com/ubuntu/pool/universe/f/fetchmail/fetchmailconf_6.2.5-12ubuntu1.1_all.deb Size/MD5: 101284 451d0af692ad0855377e151c6e93b5bc amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-12ubuntu1.1_amd64.deb Size/MD5: 296788 fe851a27dca46bd2d9972c88aaa8af74 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-12ubuntu1.1_i386.deb Size/MD5: 286052 eeb6ecb0dbc43fadd84297cc85f9e1d7 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-12ubuntu1.1_powerpc.deb Size/MD5: 296080 bb012afc1d28ec40c801410b9d0612c4 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050726/7164faad/attachment.bin
Powered by blists - more mailing lists