Debian: UPDATE: sendmail buffer overflow vulnerability

    Date04 Apr 2003
    CategoryDebian
    2227
    Posted ByLinuxSecurity Advisories
    This is a major brown paperbag update. The old packages for the stable distribution (woody) did not work as expected and you should only update to the new packages mentioned in this advisory.
    
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 278-2                     This email address is being protected from spambots. You need JavaScript enabled to view it. 
    http://www.debian.org/security/                             Martin Schulze
    April 4th, 2003                          http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : sendmail
    Vulnerability  : char-to-int conversion
    Problem-Type   : local, maybe remote
    Debian-specific: no
    CVE Id         : CAN-2003-0161
    CERT Id        : VU#897604 CA-2003-12
    
    This is a major brown paperbag update.  The old packages for the
    stable distribution (woody) did not work as expected and you should
    only update to the neww packages mentioned in this advisory.  The
    packages in the old stable distribution (potato) are working
    properly.  I'm awfully sorry for the inconvenience.
    
    At the moment updated packages are only available for alpha, i386 and sparc.
    
    The original advisory was:
    
       Michal Zalewski discovered a buffer overflow, triggered by a char to
       int conversion, in the address parsing code in sendmail, a widely used
       powerful, efficient, and scalable mail transport agent.  This problem
       is potentially remotely exploitable.
    
    For the stable distribution (woody) this problem has been
    fixed in version 8.12.3-6.3.
    
    We recommend that you upgrade your sendmail packages.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
      Source archives:
    
         http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.3.dsc
          Size/MD5 checksum:      761 105b2619c72e95e90aec1f8dbe69fb6d
         http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.3.diff.gz
          Size/MD5 checksum:   253206 95f7f532f1f94061803d0b5407c7bd7a
         http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3.orig.tar.gz
          Size/MD5 checksum:  1840401 b198b346b10b3b5afc8cb4e12c07ff4d
    
      Architecture independent components:
    
         http://security.debian.org/pool/updates/main/s/sendmail/sendmail-doc_8.12.3-6.3_all.deb
          Size/MD5 checksum:   747428 b3ade8ee7ac5de3f7e9a66eaf51654c0
    
      Alpha architecture:
    
         http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.3_alpha.deb
          Size/MD5 checksum:   267498 9616df6f9a46472c1fd6e3d2a418d9f8
         http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.3_alpha.deb
          Size/MD5 checksum:  1218434 23579de1583d6fb9976e1b1c2f59fc00
    
      Intel IA-32 architecture:
    
         http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.3_i386.deb
          Size/MD5 checksum:   236984 2a1bef62b8cbf587529a798b1090429c
         http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.3_i386.deb
          Size/MD5 checksum:  1003430 66deba993c135453e2e554faf4955615
    
      Sun Sparc architecture:
    
         http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.3_sparc.deb
          Size/MD5 checksum:   244974 0a2bbdfec93148f2fa796874012dfc2a
         http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.3_sparc.deb
          Size/MD5 checksum:  1069450 cbe517ba8fbd191dc5dffe1604da4454
    
    
      These files will probably be moved into the stable distribution on
      its next revision.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and  http://packages.debian.org/
    
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":54.35,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":10.87,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"16","type":"x","order":"3","pct":34.78,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.