Debian: metamail Multiple vulnerabilities

    Date: 24 Feb 2004
    Category: Debian
    Posted By: LinuxSecurity Advisories
    An attacker could create a carefully-crafted mail message which will execute arbitrary code as the victim when it is opened and parsed through metamail.
    
    Debian Security Advisory DSA 449-1
    http://www.debian.org/security/                             Martin Schulze
    February 24th, 2004                      http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : metamail
    Vulnerability  : buffer overflow, format string bugs
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CAN-2004-0104 CAN-2004-0105
    
    Ulf Härnhammar discovered two format string bugs (CAN-2004-0104) and
    two buffer overflow bugs (CAN-2004-0105) in metamail, an
    implementation of MIME.  An attacker could create a carefully-crafted
    mail message which will execute arbitrary code as the victim when it
    is opened and parsed through metamail.
    
    We have been devoting some effort to trying to avoid shipping metamail
    in the future.  It became unmaintainable and these are probably not
    the last of the vulnerabilities.
    
    For the stable distribution (woody) these problems have been fixed in
    version 2.7-45woody.2.
    
    For the unstable distribution (sid) these problems will be fixed in
    version 2.7-45.2.
    
    We recommend that you upgrade your metamail package.
    
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
      Source archives:
    
         http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.2.dsc
          Size/MD5 checksum:      613 eb8246a16fb3e6dbbd80247b53ae8153
         http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.2.diff.gz
          Size/MD5 checksum:   333224 532b053589bc1038ea55d340ab93ee6e
         http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7.orig.tar.gz
          Size/MD5 checksum:   156656 c6967e9bc5d3c919764b02df24efca01
    
      Alpha architecture:
    
         http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.2_alpha.deb
          Size/MD5 checksum:   165818 92127db2f58390fdbb168c9cf2ccc2ce
    
      ARM architecture:
    
         http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.2_arm.deb
          Size/MD5 checksum:   153160 72b8d81c7c4a9027b508c45fd5d8b39e
    
      Intel IA-32 architecture:
    
         http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.2_i386.deb
          Size/MD5 checksum:   150252 2f3905d2923d8ecded2df290762b3c56
    
      Intel IA-64 architecture:
    
         http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.2_ia64.deb
          Size/MD5 checksum:   205530 8cfce92a64a7df4c9630f3214aafc9e7
    
      HP Precision architecture:
    
         http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.2_hppa.deb
          Size/MD5 checksum:   153204 4e49ebddf0830708fb30a6cc0bfb064b
    
      Motorola 680x0 architecture:
    
         http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.2_m68k.deb
          Size/MD5 checksum:   146136 45fe19d01f7f76e394a09264bc2f57fb
    
      Big endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.2_mips.deb
          Size/MD5 checksum:   158316 1b4ad52779b866c71c06f68f1c62e195
    
      Little endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.2_mipsel.deb
          Size/MD5 checksum:   158310 97c128e30297e62459bd9d277c407b33
    
      PowerPC architecture:
    
         http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.2_powerpc.deb
          Size/MD5 checksum:   148476 a7b070e618315e1a45690c701f532435
    
      IBM S/390 architecture:
    
         http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.2_s390.deb
          Size/MD5 checksum:   151256 121b87823b2a3e4ead430bd4c165526e
    
      Sun Sparc architecture:
    
         http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.2_sparc.deb
          Size/MD5 checksum:   155234 24e5afafa0c3eb18540267e12651a337
    
    
      These files will probably be moved into the stable distribution on
      its next revision.
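
The advisory lists a size and MD5 checksum under each download URL, and the upgrade instructions fetch a file with wget before installing it with dpkg -i. The script below is an added example, not part of the Debian advisory: it looks up a downloaded file's entry in a saved copy of the advisory text and compares size and MD5 before installation. The function names, the script name `verify.sh` and the saved-advisory argument are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the advisory): verify a downloaded file against the
# "Size/MD5 checksum" line that follows its URL in a saved copy of the advisory.

# advisory_entry ADVISORY NAME: print "SIZE MD5" listed for file NAME
advisory_entry() {
    awk -v name="$2" '
        $1 ~ /^(http|ftp):\/\// {          # URL line: compare last path component
            n = split($1, parts, "/")
            want = (parts[n] == name)
            next
        }
        want && /Size\/MD5 checksum:/ {    # checksum line directly below the URL
            print $(NF-1), $NF
            exit
        }
    ' "$1"
}

# verify_download ADVISORY FILE: 0 = match, 1 = mismatch, 2 = file not listed
verify_download() {
    name=$(basename "$2")
    entry=$(advisory_entry "$1" "$name")
    if [ -z "$entry" ]; then
        echo "no advisory entry for $name" >&2
        return 2
    fi
    want_size=${entry% *}
    want_md5=${entry#* }
    have_size=$(wc -c < "$2" | tr -d ' ')
    have_md5=$(md5sum "$2" | cut -d' ' -f1)
    if [ "$want_size" != "$have_size" ]; then
        echo "size mismatch for $name: advisory $want_size, file $have_size" >&2
        return 1
    fi
    if [ "$want_md5" != "$have_md5" ]; then
        echo "MD5 mismatch for $name: advisory $want_md5, file $have_md5" >&2
        return 1
    fi
    echo "OK $name"
}

# Command-line use: sh verify.sh ADVISORY FILE
if [ "$#" -eq 2 ]; then
    verify_download "$1" "$2"
fi
```

Run it as `sh verify.sh advisory.txt metamail_2.7-45woody.2_i386.deb` and install only when it prints `OK`. MD5 is no longer collision-resistant, so a match confirms the file agrees with the listing in your copy of the advisory and nothing stronger.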
    
    ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show ' and  http://packages.debian.org/
    
    