Linux Security
Linux Security
Linux Security

Debian: New uw-imap packages fix multiple vulnerabilities

Date 11 Dec 2008
5556
Posted By LinuxSecurity Advisories
It was discovered that several buffer overflows can be triggered via a long folder extension argument to the tmail or dmail program. This could lead to arbitrary code execution (CVE-2008-5005).
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1685-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
https://www.debian.org/security/                           Steffen Joeris
December 12, 2008                     https://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : uw-imap
Vulnerability  : buffer overflows, null pointer dereference
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-5005 CVE-2008-5006

Two vulnerabilities have been found in uw-imap, an IMAP
implementation. The Common Vulnerabilities and Exposures project
identifies the following problems:

It was discovered that several buffer overflows can be triggered via a
long folder extension argument to the tmail or dmail program. This
could lead to arbitrary code execution (CVE-2008-5005).

It was discovered that a NULL pointer dereference could be triggered by
a malicious response to the QUIT command leading to a denial of service
(CVE-2008-5006).

For the stable distribution (etch), these problems have been fixed in
version 2002edebian1-13.1+etch1.

For the unstable distribution (sid) and the testing distribution
(lenny), these problems have been fixed in version 2007d~dfsg-1.

We recommend that you upgrade your uw-imap packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

  https://security.debian.org/pool/updates/main/u/uw-imap/uw-imap_2002edebian1.orig.tar.gz
    Size/MD5 checksum:  1517069 8ff277e7831326988d0ee0bfeca7c8ff
  https://security.debian.org/pool/updates/main/u/uw-imap/uw-imap_2002edebian1-13.1+etch1.dsc
    Size/MD5 checksum:      874 ac3703de07e1cf10e7aa72a10a5fb20b
  https://security.debian.org/pool/updates/main/u/uw-imap/uw-imap_2002edebian1-13.1+etch1.diff.gz
    Size/MD5 checksum:    99906 6c0172a213d199583e0d6c1dc5957a20

Architecture independent packages:

  https://security.debian.org/pool/updates/main/u/uw-imap/ipopd-ssl_2002edebian1-13.1+etch1_all.deb
    Size/MD5 checksum:    20760 b418a43ee29d858752497a83897588c9
  https://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd-ssl_2002edebian1-13.1+etch1_all.deb
    Size/MD5 checksum:    20756 4381ee8fe7865bc2fbf4f83f44ddd0e3

alpha architecture (DEC Alpha)

  https://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-13.1+etch1_alpha.deb
    Size/MD5 checksum:    50618 972cf2d773feb8547ba6cc0bd933dbea
  https://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-13.1+etch1_alpha.deb
    Size/MD5 checksum:   650718 1d084bff43e5efde07706f8b54134625
  https://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-13.1+etch1_alpha.deb
    Size/MD5 checksum:    47364 d1550ecb166961b3dd7c948fd7333e18
  https://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-13.1+etch1_alpha.deb
    Size/MD5 checksum:    26688 9a2ed6fd202bd4b7dfbd555170664979
  https://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-13.1+etch1_alpha.deb
    Size/MD5 checksum:    80168 d26aa9867204cbc27107bc0eb046649a
  https://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-13.1+etch1_alpha.deb
    Size/MD5 checksum:  1196482 41dba8f6a0cc1b7c602060ddf3dae58c

amd64 architecture (AMD x86_64 (AMD64))

  https://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-13.1+etch1_amd64.deb
    Size/MD5 checksum:  1040748 89a2bb86ee48bbc3ce0ce6ac06736e5d
  https://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-13.1+etch1_amd64.deb
    Size/MD5 checksum:    76348 e2506d3191e383e511b73851f7b2403d
  https://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-13.1+etch1_amd64.deb
    Size/MD5 checksum:    50416 9db96b845240094cb130050463e5b8da
  https://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-13.1+etch1_amd64.deb
    Size/MD5 checksum:   606040 458cf8d820a650978eed89b234c2d018
  https://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-13.1+etch1_amd64.deb
    Size/MD5 checksum:    46470 a6f2e3922fdd861d7209635ffc03b35b
  https://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-13.1+etch1_amd64.deb
    Size/MD5 checksum:    26394 847986887b14d0a038057478d2b30872

arm architecture (ARM)

  https://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-13.1+etch1_arm.deb
    Size/MD5 checksum:    46642 b0e4a64cf30e20dc069e3a57259235ce
  https://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-13.1+etch1_arm.deb
    Size/MD5 checksum:    75798 b41386db73222899258e743a33c4f639
  https://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-13.1+etch1_arm.deb
    Size/MD5 checksum:   959814 d4589284f56b8e5746495c7ffb107a91
  https://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-13.1+etch1_arm.deb
    Size/MD5 checksum:   589126 91754725dff8d6cea245b24af8b963bb
  https://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-13.1+etch1_arm.deb
    Size/MD5 checksum:    26082 fbe01ef72a463c603ee2802d5a83c863
  https://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-13.1+etch1_arm.deb
    Size/MD5 checksum:    46566 f8e9a765ce2398f1361b2a3d23fc68ae

hppa architecture (HP PA RISC)

  https://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-13.1+etch1_hppa.deb
    Size/MD5 checksum:    49834 38e164bb266c4ac2b64efb1823520ad2
  https://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-13.1+etch1_hppa.deb
    Size/MD5 checksum:    26948 859538b21ee583afd0eae0fe23f5ccec
  https://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-13.1+etch1_hppa.deb
    Size/MD5 checksum:    48276 fc635c859779ac21c7f3b5e1330ac96e
  https://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-13.1+etch1_hppa.deb
    Size/MD5 checksum:    78030 13a4830e58146dada9a4312ea1c0878e
  https://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-13.1+etch1_hppa.deb
    Size/MD5 checksum:  1122112 6816e9ad9b34393fdc0a2a13d5e6c03a
  https://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-13.1+etch1_hppa.deb
    Size/MD5 checksum:   638360 a22f4b8a0309cb3f7f24281c4b180c40

i386 architecture (Intel ia32)

  https://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-13.1+etch1_i386.deb
    Size/MD5 checksum:    26270 918de156aad623e201675f53e5a7390b
  https://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-13.1+etch1_i386.deb
    Size/MD5 checksum:    47736 635d0586f0067de7051a7b96da96489b
  https://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-13.1+etch1_i386.deb
    Size/MD5 checksum:    73758 92a54d90386b2d791e7833491b1a16e1
  https://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-13.1+etch1_i386.deb
    Size/MD5 checksum:   976232 eda1d42fcf0a044eaf7b761090d203ef
  https://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-13.1+etch1_i386.deb
    Size/MD5 checksum:   598438 10c608db26e0313c24fa806ac841e47e
  https://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-13.1+etch1_i386.deb
    Size/MD5 checksum:    45742 53defc689a358a10ecc885846c42f2bd

ia64 architecture (Intel ia64)

  https://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-13.1+etch1_ia64.deb
    Size/MD5 checksum:    54828 10f59379b3b9710afca1ac83ca409ce8
  https://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-13.1+etch1_ia64.deb
    Size/MD5 checksum:    89592 8981c9ce87c1a854e986c84ac0284b90
  https://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-13.1+etch1_ia64.deb
    Size/MD5 checksum:  1205586 6fe1eb318b9c51cc4ce7dce1c0c2d01e
  https://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-13.1+etch1_ia64.deb
    Size/MD5 checksum:    27648 bb12979a5cf7ff84e0f233167e994b8c
  https://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-13.1+etch1_ia64.deb
    Size/MD5 checksum:    62708 d601a2d1ef511702fd31c9953abc2dd0
  https://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-13.1+etch1_ia64.deb
    Size/MD5 checksum:   744690 33ddf81a4b04fe817c95c1f4e828d3d4

mips architecture (MIPS (Big Endian))

  https://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-13.1+etch1_mips.deb
    Size/MD5 checksum:  1103000 12bfd3f9698096d667d5623c246b17f6
  https://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-13.1+etch1_mips.deb
    Size/MD5 checksum:    74734 a88fe50a66f89f4620cc88f0902d384e
  https://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-13.1+etch1_mips.deb
    Size/MD5 checksum:    47006 3b171e1e0d591d05191e187154600ae0
  https://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-13.1+etch1_mips.deb
    Size/MD5 checksum:    45228 f28bf5c2fb4ca704d151e07ddeb0b14c
  https://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-13.1+etch1_mips.deb
    Size/MD5 checksum:   606472 919acee3427f101ad7d929611c7b1fa7
  https://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-13.1+etch1_mips.deb
    Size/MD5 checksum:    26006 c8b6b70bcaf09ca353cfcec8030c51ab

mipsel architecture (MIPS (Little Endian))

  https://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-13.1+etch1_mipsel.deb
    Size/MD5 checksum:    26482 8a3e4fa1b89f5948ea5647fb56f01faf
  https://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-13.1+etch1_mipsel.deb
    Size/MD5 checksum:    74914 b6aa38a2f191d317d2d4509670fa9337
  https://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-13.1+etch1_mipsel.deb
    Size/MD5 checksum:  1078056 103f0633e98faa29517a63c827109bc5
  https://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-13.1+etch1_mipsel.deb
    Size/MD5 checksum:    47642 5cc42be0a5dc83fd8ca5b66cf422a974
  https://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-13.1+etch1_mipsel.deb
    Size/MD5 checksum:   605734 f0de3efdd6f797910ac856c624ec109e
  https://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-13.1+etch1_mipsel.deb
    Size/MD5 checksum:    46028 1ba982a87d77197645a543dc8b27b6a7

powerpc architecture (PowerPC)

  https://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-13.1+etch1_powerpc.deb
    Size/MD5 checksum:    50206 f4fde759040b7520e72adeea14dd7587
  https://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-13.1+etch1_powerpc.deb
    Size/MD5 checksum:    74158 b945eea07eec4357825cfc16fed7bf4e
  https://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-13.1+etch1_powerpc.deb
    Size/MD5 checksum:   605242 5914dedf470cfd20024c20224290e3b0
  https://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-13.1+etch1_powerpc.deb
    Size/MD5 checksum:    26410 2c7881339151f91143572bdf7af420dd
  https://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-13.1+etch1_powerpc.deb
    Size/MD5 checksum:    47642 ad645882db05a4d3fa1080c181eece39
  https://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-13.1+etch1_powerpc.deb
    Size/MD5 checksum:  1109820 d5e5f0f48b8edee35e29354119b7d2a3

s390 architecture (IBM S/390)

  https://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-13.1+etch1_s390.deb
    Size/MD5 checksum:   623664 c635c4b77cef027eb42faef8e6727c59
  https://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-13.1+etch1_s390.deb
    Size/MD5 checksum:    78150 b5a7a33230a9162e2308446b45466284
  https://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-13.1+etch1_s390.deb
    Size/MD5 checksum:    26540 d45c1a7782161483c37a7e00c8fdc700
  https://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-13.1+etch1_s390.deb
    Size/MD5 checksum:    48374 1fd3a101cd59eb59abec32014c397c18
  https://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-13.1+etch1_s390.deb
    Size/MD5 checksum:    49490 7ea6ec2d1d99af8ac12a9fee77e3027d
  https://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-13.1+etch1_s390.deb
    Size/MD5 checksum:  1109484 0fac4ece552d53c1e5c36d39539c7947

sparc architecture (Sun SPARC/UltraSPARC)

  https://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-13.1+etch1_sparc.deb
    Size/MD5 checksum:    47416 51529ae793ae7f166c47fb2e23a0413e
  https://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-13.1+etch1_sparc.deb
    Size/MD5 checksum:    46480 81c03a62740ad668f8c008b1a71be6ab
  https://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-13.1+etch1_sparc.deb
    Size/MD5 checksum:   967750 8edd729d4e4a9380764efc693b1d50ad
  https://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-13.1+etch1_sparc.deb
    Size/MD5 checksum:    26334 1dc5709d6db104eaf92e327b90b55130
  https://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-13.1+etch1_sparc.deb
    Size/MD5 checksum:   596486 3c3eb2be8fb28c59de0d2bb090e0e5b9
  https://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-13.1+etch1_sparc.deb
    Size/MD5 checksum:    74884 39b9e029302ff6eebe08a731882181da


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb https://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.

LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
/main-polls/52-how-frequently-do-you-patch-update-your-system?task=poll.vote&format=json
52
radio
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"47","type":"x","order":"1","pct":79.66,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"7","type":"x","order":"2","pct":11.86,"resources":[]},{"id":"181","title":"Hardly ever","votes":"5","type":"x","order":"3","pct":8.47,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.

VOTE ON THE POLL PAGE


VIEW MORE POLLS

bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.