Debian: New exim-tls packages fix arbitrary code execution

    Date: 13 Jan 2005
    Category: Debian
    Posted By: Joe Shakespeare
    Philip Hazel announced a buffer overflow in the host_aton function in exim-tls, the SSL-enabled version of the default mail-transport-agent in Debian, which can lead to the execution of arbitrary code via an illegal IPv6 address.
    
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 637-1
    http://www.debian.org/security/                             Martin Schulze
    January 13th, 2005                      http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : exim-tls
    Vulnerability  : buffer overflow
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CAN-2005-0021
    Debian Bug     : 289046
    
    Philip Hazel announced a buffer overflow in the host_aton function in
    exim-tls, the SSL-enabled version of the default mail-transport-agent
    in Debian, which can lead to the execution of arbitrary code via an
    illegal IPv6 address.
    
    For the stable distribution (woody) this problem has been fixed in
    version 3.35-3woody3.
    
    In the unstable distribution (sid) this package does not exist
    anymore.
    
    We recommend that you upgrade your exim-tls package.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3.dsc
          Size/MD5 checksum:      677 059e83c496e959d01bcca0a11637b017
        http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3.diff.gz
          Size/MD5 checksum:    80492 90d594f60ae815a780faa5f9c9d1859d
        http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35.orig.tar.gz
          Size/MD5 checksum:  1271057 42d362e40a21bd7ffc298f92c8bd986a
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_alpha.deb
          Size/MD5 checksum:   873682 935e1dddb27a713d562b905c2951dea7
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_arm.deb
          Size/MD5 checksum:   784148 c97ded116303fe5ee1c4a9f741350c58
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_i386.deb
          Size/MD5 checksum:   759442 1477e25fe953ee209ec86a67a59306ba
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_ia64.deb
          Size/MD5 checksum:   974058 74cd3707971105a75398a0ce46e4bb80
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_hppa.deb
          Size/MD5 checksum:   814316 56d73dab6e0bbd4df6068c5f9f065491
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_m68k.deb
          Size/MD5 checksum:   736730 ba35f1bd8dcfaf6ef9f35aded9176cab
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_mips.deb
          Size/MD5 checksum:   824408 0f8af4bf6f39d1dbb10e05e5717e3115
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_mipsel.deb
          Size/MD5 checksum:   825160 abfc0dc6c75fc7fafba89f6673bd1913
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_powerpc.deb
          Size/MD5 checksum:   792574 f8c3a2d72890f766a72a6ddc39f2ea31
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_s390.deb
          Size/MD5 checksum:   779236 aca9521a7b347d291e158a919cca0ed5
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_sparc.deb
          Size/MD5 checksum:   782800 5e3a9478dc77a0943ce0c41611973c95
    
    
      These files will probably be moved into the stable distribution on
      its next update.
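
An added example, not part of the Debian advisory: a POSIX shell check that a downloaded file matches its "Size/MD5 checksum" entry in the list above before it is passed to `dpkg -i`. The function names and the saved-advisory file name are assumptions, and the result is only as trustworthy as the copy of the advisory the values are read from.

```shell
#!/bin/sh
# Added example (not from the advisory): compare a downloaded file with the
# "Size/MD5 checksum" entry listed for it in a saved copy of the advisory.

# Print "<size> <md5>" for the entry whose URL ends in /FILE_NAME.
# Exit status is non-zero when the advisory has no entry for that name.
dsa_expected() {   # usage: dsa_expected ADVISORY_FILE FILE_NAME
    awk -v name="$2" '
        # URL line: remember whether its last path component is our file.
        $1 ~ /^(http|ftp):\/\// { n = split($1, p, "/"); hit = (p[n] == name); next }
        # Checksum line that follows the matching URL.
        hit && /Size\/MD5 checksum:/ { print $(NF-1), $NF; found = 1; exit }
        END { exit !found }
    ' "$1"
}

# Return 0 only if FILE matches both the size and the MD5 listed for it,
# 1 on a mismatch, 2 when the advisory does not list the file at all.
dsa_verify() {     # usage: dsa_verify ADVISORY_FILE FILE
    expected=$(dsa_expected "$1" "$(basename "$2")") || {
        echo "no advisory entry for $2" >&2
        return 2
    }
    want_size=${expected% *}
    want_md5=${expected#* }
    have_size=$(wc -c < "$2" | tr -d ' ')
    have_md5=$(md5sum "$2" | cut -d' ' -f1)
    if [ "$have_size" != "$want_size" ] || [ "$have_md5" != "$want_md5" ]; then
        echo "MISMATCH $2: got $have_size $have_md5, want $expected" >&2
        return 1
    fi
    echo "OK $2"
}

# Typical use (DSA-637-1.txt is a hypothetical name for the saved advisory):
#   dsa_verify DSA-637-1.txt exim-tls_3.35-3woody3_i386.deb \
#       && dpkg -i exim-tls_3.35-3woody3_i386.deb
```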
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main