Debian: New fetchmail packages fix arbitrary code execution
Summary
--------------------------------------------------------------------------
Debian Security Advisory DSA 774-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
August 12th, 2005                       http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : fetchmail
Vulnerability  : buffer overflow
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2335
CERT advisory  :
BugTraq ID     : 14349
Debian Bug     : 212762

Edward Shornock discovered a bug in the UIDL handling code of
fetchmail, a common POP3, APOP and IMAP mail fetching utility. A
malicious POP3 server could exploit this problem and inject arbitrary
code that will be executed on the victim host. If fetchmail is
running as root, this becomes a root exploit.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in
version 6.2.5-12sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 6.2.5-16.

We recommend that you upgrade your fetchmail package.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
--------------------------------

  Source archives
  Architecture independent components
  Alpha architecture
  AMD64 architecture
  ARM architecture
  Intel IA-32 architecture
  Intel IA-64 architecture
  HP Precision architecture
  Motorola 680x0 architecture
  Big endian MIPS architecture
  Little endian MIPS architecture
  PowerPC architecture
  IBM S/390 architecture
  Sun Sparc architecture

  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org