Debian: New uw-imap packages fix arbitrary code execution

    Date10 Oct 2005
    CategoryDebian
    6778
    Posted ByJoe Shakespeare
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 861-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                             Martin Schulze
    October 11th, 2005                      http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : uw-imap
    Vulnerability  : buffer overflow
    Problem type   : remote
    Debian-specific: no
    CVE ID         : CAN-2005-2933
    
    "infamous41md" discovered a buffer overflow in uw-imap, the University
    of Washington's IMAP Server that allows attackers to execute arbitrary
    code.
    
    The old stable distribution (woody) is not affected by this problem.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 2002edebian1-11sarge1.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 2002edebian1-11sarge1.
    
    We recommend that you upgrade your uw-imap packages.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/u/uw-imap/uw-imap_2002edebian1-11sarge1.dsc
          Size/MD5 checksum:      785 bf3e532a78669fd66c329a46ea11809d
        http://security.debian.org/pool/updates/main/u/uw-imap/uw-imap_2002edebian1-11sarge1.diff.gz
          Size/MD5 checksum:    85400 b295b9c10972cb78f3b4d25394b4b31d
        http://security.debian.org/pool/updates/main/u/uw-imap/uw-imap_2002edebian1.orig.tar.gz
          Size/MD5 checksum:  1517069 8ff277e7831326988d0ee0bfeca7c8ff
    
      Architecture independent components:
    
        http://security.debian.org/pool/updates/main/u/uw-imap/ipopd-ssl_2002edebian1-11sarge1_all.deb
          Size/MD5 checksum:    19982 ee7e9d78916253bef43c0513b1fa2df3
        http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd-ssl_2002edebian1-11sarge1_all.deb
          Size/MD5 checksum:    19968 01cd3a699013ba2679af4cd4c4c97ee7
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_alpha.deb
          Size/MD5 checksum:    45316 8eff87a5d99f8514a97ba925f64cc29c
        http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_alpha.deb
          Size/MD5 checksum:  1400536 508b3322c04aba6a16ccd8360bcb2c8f
        http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_alpha.deb
          Size/MD5 checksum:   623866 007e483d0f71e26d88135ebd621cf913
        http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_alpha.deb
          Size/MD5 checksum:    26112 1512b9c49a9e67222c42e1e1a3161f62
        http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_alpha.deb
          Size/MD5 checksum:    76068 d3f6e63d18eee660aec45970c75a1e9f
        http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_alpha.deb
          Size/MD5 checksum:    50388 7915af40dc8454ed9c28b8210785b4b2
    
      AMD64 architecture:
    
        http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_amd64.deb
          Size/MD5 checksum:    43842 9ee07ca885ad0a760624ee9ac3359573
        http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_amd64.deb
          Size/MD5 checksum:  1241462 a04eea3b29ce844bd36e882c358ec589
        http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_amd64.deb
          Size/MD5 checksum:   585262 43379b991740461a5247103be7bb481c
        http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_amd64.deb
          Size/MD5 checksum:    25256 b46f5e4f874df2b1c64e46d4d179753f
        http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_amd64.deb
          Size/MD5 checksum:    71862 9ea5e627919c4dc40db2ed70047da69c
        http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_amd64.deb
          Size/MD5 checksum:    47526 607377887f83ed71a87264bc85317bf3
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_arm.deb
          Size/MD5 checksum:    43908 cbb7163d6976c804f7f7dde0eba82e8f
        http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_arm.deb
          Size/MD5 checksum:  1218296 e942c426a47bfa5fe43b269040dc259d
        http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_arm.deb
          Size/MD5 checksum:   572074 325eab596c707493b112c4157192fd7d
        http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_arm.deb
          Size/MD5 checksum:    25284 aeedc4004a68ceb78d705c44cce7bd2b
        http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_arm.deb
          Size/MD5 checksum:    71378 611cd65efdeebdc3aba327482a966109
        http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_arm.deb
          Size/MD5 checksum:    46240 48f471e616eb16cb6682ef206eff68b5
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_i386.deb
          Size/MD5 checksum:    42640 222b9d6cfae656aeb0995b6b742a8018
        http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_i386.deb
          Size/MD5 checksum:  1192272 a641726681b49cbf4a59d15a992c3307
        http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_i386.deb
          Size/MD5 checksum:   580390 70951fce39878d16e551d0a3d20b1396
        http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_i386.deb
          Size/MD5 checksum:    25354 f72ec8b8f6c62b1c0185582387624fd3
        http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_i386.deb
          Size/MD5 checksum:    69812 9f7ef54531d8a7f98302526ba0395b93
        http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_i386.deb
          Size/MD5 checksum:    46514 07f09150e567ab8628e66b81ac4eef45
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_ia64.deb
          Size/MD5 checksum:    49584 cf5a3f4db538e69659eba3464ded819b
        http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_ia64.deb
          Size/MD5 checksum:  1392282 8ad6f8db3031f8f312cdac57b423d9a6
        http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_ia64.deb
          Size/MD5 checksum:   692648 0b9c67065ef7dc2bd19781778df56411
        http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_ia64.deb
          Size/MD5 checksum:    26856 253449914d0ebea21699f939ea21823b
        http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_ia64.deb
          Size/MD5 checksum:    82692 4803d5030e4521f010e28ba0129528e0
        http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_ia64.deb
          Size/MD5 checksum:    57218 5015cfcc9c0a4ec7100e31c86874feb4
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_hppa.deb
          Size/MD5 checksum:    45482 e9ae3633401d343357ef2ede9b5dcfde
        http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_hppa.deb
          Size/MD5 checksum:  1290012 79d3092981ccf2fa5f6770e68ec494a9
        http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_hppa.deb
          Size/MD5 checksum:   621964 9090bf13ad38d5d2584d1a2497aa59b0
        http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_hppa.deb
          Size/MD5 checksum:    26102 6df6311df18609d071cc918568b481ec
        http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_hppa.deb
          Size/MD5 checksum:    74376 e6ddda3b2f8765ef20d307888da4bb79
        http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_hppa.deb
          Size/MD5 checksum:    48796 a16164bb8d33476cb5ab8e9bc8bd851f
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_m68k.deb
          Size/MD5 checksum:    42198 0c460fb08a6baf8597d588b06c0eb866
        http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_m68k.deb
          Size/MD5 checksum:  1202760 bcfd325de3b1ae80142fd40863c98480
        http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_m68k.deb
          Size/MD5 checksum:   557322 355de85312016eee76b442f617a1fa7b
        http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_m68k.deb
          Size/MD5 checksum:    25282 7a22722226b591ddd992b340eed62a79
        http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_m68k.deb
          Size/MD5 checksum:    67800 b78499f7aedee1af72a0abdce500bf1b
        http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_m68k.deb
          Size/MD5 checksum:    45972 6d387a13b396d2af4fb9c3a0a739e703
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_mips.deb
          Size/MD5 checksum:    45198 64a47c0e7299d4b9c2fabf9f5dbcd270
        http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_mips.deb
          Size/MD5 checksum:  1293040 0de4a01dd9aa001d0c9e3970add39139
        http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_mips.deb
          Size/MD5 checksum:   584784 b9981e6e319358c956ee8038e7ea70b5
        http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_mips.deb
          Size/MD5 checksum:    26032 91f708c3c2aaac1ff684a0067761479f
        http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_mips.deb
          Size/MD5 checksum:    70504 a77dc274b6df53c30e13aa54f933fda1
        http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_mips.deb
          Size/MD5 checksum:    51994 b03effecefe81dab0d9523bcd4d31287
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_mipsel.deb
          Size/MD5 checksum:    45138 d8319d4a2e984218582a2afcd3cd1f61
        http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_mipsel.deb
          Size/MD5 checksum:  1266374 12718fcede276595c4f6060adc06e50c
        http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_mipsel.deb
          Size/MD5 checksum:   584592 574d31724a1022e62a4c4954c4744b4b
        http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_mipsel.deb
          Size/MD5 checksum:    26024 60437f28a8d255810fc33b215fe124ca
        http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_mipsel.deb
          Size/MD5 checksum:    70396 8b11bea999587f10987960d36d122739
        http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_mipsel.deb
          Size/MD5 checksum:    52042 7f1f9bd83e7e82f3e3df8ae0a505f222
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_powerpc.deb
          Size/MD5 checksum:    44714 3be1ef718719a94a9755ac2492bf4736
        http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_powerpc.deb
          Size/MD5 checksum:  1367392 5140873290e9c5eceeb81adb45b4cfbe
        http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_powerpc.deb
          Size/MD5 checksum:   584320 b249e6621e1b6835eb2d19c5307706ed
        http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_powerpc.deb
          Size/MD5 checksum:    25724 ad84786248356abddf83822e32fad4e1
        http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_powerpc.deb
          Size/MD5 checksum:    70054 3b49efb35b29fe1383d77acc99e77220
        http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_powerpc.deb
          Size/MD5 checksum:    49518 16be979ed27da72276922377cfe4e63f
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_s390.deb
          Size/MD5 checksum:    45220 f0f89e4980b1ae8d016a18a4465d5daa
        http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_s390.deb
          Size/MD5 checksum:  1605558 ab2145e4e5ed815eac6b535ed852a075
        http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_s390.deb
          Size/MD5 checksum:   598718 d65ae25a64e58b9657e4d289c426aa8d
        http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_s390.deb
          Size/MD5 checksum:    25794 5958825b0b8f38b1768c0172d70f7a92
        http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_s390.deb
          Size/MD5 checksum:    73032 7c90176a07024e8d4103b3c53da66d7c
        http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_s390.deb
          Size/MD5 checksum:    48286 d0b533d1d55562880e2830e6d9840b97
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_sparc.deb
          Size/MD5 checksum:    43512 2769984cb6ade49615903339399f76fc
        http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_sparc.deb
          Size/MD5 checksum:  1230520 b2fb2513b5a3e244c8dcddfc0e944c59
        http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_sparc.deb
          Size/MD5 checksum:   578812 1e99dac1bb48e24cc2dfc68e32be3a0b
        http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_sparc.deb
          Size/MD5 checksum:    25348 b763253c4b4767fcfffcefea7f708245
        http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_sparc.deb
          Size/MD5 checksum:    71438 a9f91e6c21f28a5a2ff630913d85a2aa
        http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_sparc.deb
          Size/MD5 checksum:    46204 bc1f2368bfddcde27cc20ee264234122
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":54.35,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":10.87,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"16","type":"x","order":"3","pct":34.78,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.