- ------------------------------------------------------------------------
Debian Security Advisory DSA-1802-2                  security@debian.org
http://www.debian.org/security/                          Thijs Kinkhorst
May 21, 2009                          http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : squirrelmail
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2009-1578 CVE-2009-1579 CVE-2009-1580 CVE-2009-1581
                 CVE-2009-1381
Debian Bug     : 528528

Michal Hlavinka discovered that the fix for code execution in the
map_yp_alias function, known as CVE-2009-1579 and released in DSA 1802-1,
was incomplete. This update corrects the fix for that function.

For the old stable distribution (etch), this problem has been fixed in
version 1.4.9a-5.

For the stable distribution (lenny), this problem has been fixed in
version 1.4.15-4+lenny2.

For the unstable distribution (sid), this problem has been fixed in
version 1.4.19-1

We recommend that you upgrade your squirrelmail package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

      Size/MD5 checksum:     1021 23e85a9813bd2236e3f104ac0fa1bf6f
      Size/MD5 checksum:   598950 5b19f8cc5badef91d1f2410df41564bc
      Size/MD5 checksum:    27766 9858f9f2186d14e6b22d32c5bcc9f72b

Architecture independent packages:

      Size/MD5 checksum:   593684 cb5fada1f8fe8d8be5fa73919ac159b1

Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Source archives:

      Size/MD5 checksum:    26725 511fe282670270af990414215eba096f
      Size/MD5 checksum:   621320 87b466fef98e770307afffd75fe25589
      Size/MD5 checksum:     1524 449f565284127b1419212596d76b970e

Architecture independent packages:

      Size/MD5 checksum:   609144 97dd3ba6de9553b68b6e398ae627e87f


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp:  dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

Debian: DSA-1802-2: New squirrelmail packages correct incomplete fix

May 21, 2009
Michal Hlavinka discovered that the fix for code execution in the map_yp_alias function, known as CVE-2009-1579 and released in DSA 1802-1, was incomplete

Summary

For the old stable distribution (etch), this problem has been fixed in
version 1.4.9a-5.

For the stable distribution (lenny), this problem has been fixed in
version 1.4.15-4+lenny2.

For the unstable distribution (sid), this problem has been fixed in
version 1.4.19-1

We recommend that you upgrade your squirrelmail package.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch

Source archives:

Size/MD5 checksum: 1021 23e85a9813bd2236e3f104ac0fa1bf6f
Size/MD5 checksum: 598950 5b19f8cc5badef91d1f2410df41564bc
Size/MD5 checksum: 27766 9858f9f2186d14e6b22d32c5bcc9f72b

Architecture independent packages:

Size/MD5 checksum: 593684 cb5fada1f8fe8d8be5fa73919ac159b1

Debian GNU/Linux 5.0 alias lenny

Source archives:

Size/MD5 checksum: 26725 511fe282670270af990414215eba096f
Size/MD5 checksum: 621320 87b466fef98e770307afffd75fe25589
Size/MD5 checksum: 1524 449f565284127b1419212596d76b970e

Architecture independent packages:

Size/MD5 checksum: 609144 97dd3ba6de9553b68b6e398ae627e87f


These files will probably be moved into the stable distribution on
its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

Severity
Michal Hlavinka discovered that the fix for code execution in the
map_yp_alias function, known as CVE-2009-1579 and released in DSA 1802-1,
was incomplete. This update corrects the fix for that function.

Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up