Debian: hypermail buffer overflow vulnerability
Summary
Ulf Harnhammar discovered two problems in hypermail, a program to
create HTML archives of mailing lists.
An attacker could craft a long filename for an attachment that would
overflow two buffers when a certain option for interactive use was
given, opening the possibility to inject arbitrary code. This code
would then be executed under the user id hypermail runs as, mostly as
a local user. Automatic and silent use of hypermail does not seem to
be affected.
The CGI program mail, which is not installed by the Debian package,
does a reverse look-up of the user's IP number and copies the
resulting hostname into a fixed-size buffer. A specially crafted DNS
reply could overflow this buffer, opening the program to an exploit.
For the stable distribution (woody) this problem has been fixed in
version 2.1.3-2.0.
For the old stable distribution (potato) this problem has been fixed
in version 2.0b25-1.1.
For the unstable distribution (sid) this problem has been fixed
in version 2.1.6-1.
We recommend that you upgrade your hypermail packages.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 2.2 alias potato
Source archives:
Size/MD5 checksum: 577 96bc728b8bdc3f3b31b2f6e7fb96e1c8
Size/MD5 checksum: 9685 0450f68f3ab45eadc7fab7e97076c845
Size/MD5 checksum: 297049 7a5875311ae71fc6fa5dee18e9d826ee
Alpha architecture:
Size/MD5 checksum: 416502 97032e2a8ad790a2b760a49ac39871f2
ARM architecture:
Size/MD5 checksum: 150356 d3bf5bcce7068ccec8c5e246f6cc9491
Intel IA-32 architecture:
Size/MD5 checksum: 145048 987bb3659b98eb4dc7e020afd58c24ac
Motorola 680x0 architecture:
Size/MD5 checksum: 141910 cbe0d66a017f5ab47b6318c7a40a02b6
PowerPC architecture:
Size/MD5 checksum: 156548 5cda5263360e4f39d8b82e47843039e3
Sun Sparc architecture:
Size/MD5 checksum: 175610 3dec97942bb30b61eff8c748577bc473
Debian GNU/Linux 3.0 alias woody
Source archives:
Size/MD5 checksum: 606 e335b50b6f796c6e4808084840560bee
Size/MD5 checksum: 13146 106aba184df6afb95733bfe24da073fc
Size/MD5 checksum: 723942 f1bea3df4b34e58e2f6318f2ed3f9770
Alpha architecture:
Size/MD5 checksum: 212258 8bad85e95bfa8f47e967a29a7b0a9f85
ARM architecture:
Size/MD5 checksum: 187986 0583077e67b953f71de182ff42547bbe
Intel IA-32 architecture:
Size/MD5 checksum: 179114 aeb01e13233b078e4ad7266d5b5d5860
Intel IA-64 architecture:
Size/MD5 checksum: 243654 a11258231578df4f2cbd906792990fca
HP Precision architecture:
Size/MD5 checksum: 203300 b7a96e5819c87be6c970c815c141b5ee
Motorola 680x0 architecture:
Size/MD5 checksum: 171634 ac39ecc46835d711321b42041d5e967d
Big endian MIPS architecture:
Size/MD5 checksum: 200810 2f389f8858d479e523a41e45308c201c
Little endian MIPS architecture:
Size/MD5 checksum: 199906 6d4db8dd21081d4b27c6ce1331476cb0
PowerPC architecture:
Size/MD5 checksum: 193648 cb233bbc6cb8064f59c1dc6ef56539dd
IBM S/390 architecture:
Size/MD5 checksum: 188614 68b89720900812d551c760b61af04daf
Sun Sparc architecture:
Size/MD5 checksum: 194596 103964dcf3a82f8d1df4d5afe9edecc9
These files will probably be moved into the stable distribution on
its next revision.
For apt-get: deb Debian -- Security Information stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show
