Message-ID: <m1EMnQK-000of1C@finlandia.Infodrom.North.DE>
Date: Tue Oct 4 15:07:45 2005
From: joey at infodrom.org (Martin Schulze)
Subject: [SECURITY] [DSA 841-1] New mailutils packages fix arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 841-1                     security@...ian.org
http://www.debian.org/security/                             Martin Schulze
October 4th, 2005                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : mailutils
Vulnerability  : format string vulnerability
Problem type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2878

A format string vulnerability has been discovered in GNU mailutils
which contains utilities for handling mail that allows a remote
attacker to execute arbitrary code on the IMAP server.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in
version 0.6.1-4sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 0.6.90-3.

We recommend that you upgrade your mailutils package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDQow0W5ql+IAeqTIRAjl8AKCZ6yzQh+kjbc01R2cqEssi1WxfDACaApKK
G6P/OOZHiYahO0UOlOqw438=
=Q/nQ
-----END PGP SIGNATURE-----