Debian: New razor packages fix potential DOS

    Date05 Jul 2005
    CategoryDebian
    5287
    Posted ByJoe Shakespeare
    Updated package.
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA 738-1                   This email address is being protected from spambots. You need JavaScript enabled to view it.
    	
    http://www.debian.org/security/                            Michael Stone
    July 05, 2005                         http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : razor
    Vulnerability  : email header parsing error
    Problem type   : remote DOS
    Debian-specific: no
    CVE Id(s)      : CAN-2005-2024
    
    A vulnerability was discovered in the way that Razor parses certain
    email headers that could potentially be used to crash the Razor program,
    causing a denial of service (DOS). 
    
    For the stable distribution (sarge), this problem has been fixed in
    version 2.670-1sarge2. 
    
    The old stable distribution (woody) is not affected by this issue.
    
    We recommend that you upgrade your razor package.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    Debian 3.1 (sarge)
    - ------------------
    
      sarge was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2.dsc
          Size/MD5 checksum:      799 88b6def693d8e884f636acf9337344f1
        http://security.debian.org/pool/updates/main/r/razor/razor_2.670.orig.tar.gz
          Size/MD5 checksum:    86705 0118b6030ea261ea85e73a55cc7eac8e
        http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2.diff.gz
          Size/MD5 checksum:    10699 ed53476451c87dbf876697e198083973
    
      alpha architecture (DEC Alpha)
    
        http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2_alpha.deb
          Size/MD5 checksum:   117030 ab3c6043749da7b66aa468f8fec794a7
    
      arm architecture (ARM)
    
        http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2_arm.deb
          Size/MD5 checksum:   115572 01ee173b14d45f1f576dd3b4db6ba3e8
    
      hppa architecture (HP PA RISC)
    
        http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2_hppa.deb
          Size/MD5 checksum:   117146 82889def9ab647e075cedf658a2e7707
    
      i386 architecture (Intel ia32)
    
        http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2_i386.deb
          Size/MD5 checksum:   116070 9171153ba7bf5c0c679c14a8303d777d
    
      ia64 architecture (Intel ia64)
    
        http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2_ia64.deb
          Size/MD5 checksum:   118378 d1ed58ed88d490cad82b8cde72745b6d
    
      m68k architecture (Motorola Mc680x0)
    
        http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2_m68k.deb
          Size/MD5 checksum:   115938 6a620f25c1895e3ac80ba94c57931874
    
      mips architecture (MIPS (Big Endian))
    
        http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2_mips.deb
          Size/MD5 checksum:   114962 3a771fb3bc2b88b6606121541f4e1c80
    
      mipsel architecture (MIPS (Little Endian))
    
        http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2_mipsel.deb
          Size/MD5 checksum:   114978 3c6f16f40f9820e4624c277969c85947
    
      powerpc architecture (PowerPC)
    
        http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2_powerpc.deb
          Size/MD5 checksum:   117502 2860b774a37ed2eaae9efd365e05ceaf
    
      s390 architecture (IBM S/390)
    
        http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2_s390.deb
          Size/MD5 checksum:   115738 02789063e04d63a1eea5f2bf88745c5f
    
      sparc architecture (Sun SPARC/UltraSPARC)
    
        http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2_sparc.deb
          Size/MD5 checksum:   115848 8a264ab5802cf6764db4354facdd4ea0
    
    - -------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"37","type":"x","order":"1","pct":51.39,"resources":[]},{"id":"88","title":"Should be more technical","votes":"10","type":"x","order":"2","pct":13.89,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"25","type":"x","order":"3","pct":34.72,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.