Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

Debian 3.1 DSA 841-1 Critical: Mailutils Remote Code Execution

Updated package.

--------------------------------------------------------------------------
Debian Security Advisory DSA 841-1
http://www.debian.org/security/
Martin Schulze
October 4th, 2005
http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : mailutils
Vulnerability  : format string vulnerability
Problem type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2878

A format string vulnerability has been discovered in GNU mailutils which contains utilities for handling mail that allows a remote attacker to execute arbitrary code on the IMAP server.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in version 0.6.1-4sarge1.

For the unstable distribution (sid) this problem has been fixed in version 0.6.90-3.

We recommend that you upgrade your mailutils package.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
--------------------------------

These files will probably be moved into the stable distribution on its next update.

--------------------------------------------------------------------------
For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: [email address hidden]

Recent updates to mailutils packages have been issued to address a format string vulnerability that could enable remote code execution in Debian. Severity: Critical. LinuxSecurity.com Team

Oct 04, 2005 Critical Debian

Gentoo GLSA-200509-10 High: Mailutils Code Exec Risk for imap4d

The imap4d server contains a vulnerability allowing an authenticated user to execute arbitrary code with the privileges of the imap4d process.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200509-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Mailutils: Format string vulnerability in imap4d
      Date: September 17, 2005
      Bugs: #105458
        ID: 200509-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The imap4d server contains a vulnerability allowing an authenticated user to execute arbitrary code with the privileges of the imap4d process.

Background
==========

The GNU Mailutils are a collection of mail-related utilities, including an IMAP4 server (imap4d).

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  net-mail/mailutils      < 0.6-r2                        >= 0.6-r2

Description
===========

The imap4d server contains a format string bug in the handling of IMAP SEARCH requests.

Impact
======

An authenticated IMAP user could exploit the format string error in imap4d to execute arbitrary code as the imap4d user, which is usually root.

Workaround
==========

There are no known workarounds at this time.

Resolution
==========

All GNU Mailutils users should upgrade to the latest available version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-mail/mailutils-0.6-r2"

References
==========

  [ 1 ] iDEFENSE 09.09.05 advisory ;type=vulnerabilities

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/200509-10

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to [email address hidden] or alternatively, you may file a bug at https://bugs.gentoo.org/.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.0/

Critical vulnerability alert for Gentoo Mailutils imap4d format string flaw enabling remote code execution. LinuxSecurity.com Team

Sep 17, 2005 Gentoo

Gentoo: 202204-01 Critical: Mailutils Buffer Overflow Vulnerability

GNU Mailutils is vulnerable to SQL command injection attacks.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200506-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Mailutils: SQL Injection
      Date: June 06, 2005
      Bugs: #94824
        ID: 200506-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

GNU Mailutils is vulnerable to SQL command injection attacks.

Background
==========

GNU Mailutils is a collection of mail-related utilities.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  net-mail/mailutils      < 0.6-r1                        >= 0.6-r1

Description
===========

When GNU Mailutils is built with the "mysql" or "postgres" USE flag, the sql_escape_string function of the authentication module fails to properly escape the "\" character, rendering it vulnerable to a SQL command injection.

Impact
======

A malicious remote user could exploit this vulnerability to inject SQL commands to the underlying database.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All GNU Mailutils users should upgrade to the latest available version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-mail/mailutils-0.6-r1"

References
==========

  [ 1 ] CAN-2005-1824

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/200506-02

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to [email address hidden] or alternatively, you may file a bug at https://bugs.gentoo.org/.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.0/

The Gentoo GLSA 202112-05 outlines a moderate risk SQL injection vulnerability affecting Mailutils. Updating is advised to maintain system integrity. LinuxSecurity.com Team

Jun 06, 2005 Gentoo

Debian: DSA 732-1 Critical: Mailutils Remote Code Execution Issues

Updated package.

--------------------------------------------------------------------------
Debian Security Advisory DSA 732-1
http://www.debian.org/security/
Martin Schulze
June 3rd, 2005
http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : mailutils
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2005-1520 CAN-2005-1521 CAN-2005-1522 CAN-2005-1523

"infamous41md" discovered several vulnerabilities in the GNU mailutils package which contains utilities for handling mail. These problems can lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities.

CAN-2005-1520

    Buffer overflow mail header handling may allow a remote attacker to execute commands with the privileges of the targeted user.

CAN-2005-1521

    Combined integer and heap overflow in the fetch routine can lead to the execution of arbitrary code.

CAN-2005-1522

    Denial of service in the fetch routine.

CAN-2005-1523

    Format string vulnerability can lead to the execution of arbitrary code.

For the stable distribution (woody) these problems have been fixed in version 20020409-1woody2.

For the testing distribution (sarge) these problems have been fixed in version 0.6.1-4.

For the unstable distribution (sid) these problems have been fixed in version 0.6.1-4.

We recommend that you upgrade your mailutils packages.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
--------------------------------

These files will probably be moved into the stable distribution on its next update.

--------------------------------------------------------------------------
For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: [email address hidden]

Severity: Critical. LinuxSecurity.com Team

Jun 03, 2005 Critical Debian

Gentoo: GLSA 200505-20 High: Mailutils Remote Code Exploits

The imap4d server and the mail utility from GNU Mailutils contain multiple vulnerabilities, potentially allowing a remote attacker to execute arbitrary code with root privileges.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200505-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Mailutils: Multiple vulnerabilities in imap4d and mail
      Date: May 27, 2005
      Bugs: #94053
        ID: 200505-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The imap4d server and the mail utility from GNU Mailutils contain multiple vulnerabilities, potentially allowing a remote attacker to execute arbitrary code with root privileges.

Background
==========

GNU Mailutils is a collection of mail-related utilities, including an IMAP4 server (imap4d) and a Mail User Agent (mail).

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  net-mail/mailutils      < 0.6-r1                        >= 0.6-r1

Description
===========

infamous41d discovered several vulnerabilities in GNU Mailutils. imap4d does not correctly implement formatted printing of command tags (CAN-2005-1523), fails to validate the range sequence of the "FETCH" command (CAN-2005-1522), and contains an integer overflow in the "fetch_io" routine (CAN-2005-1521). mail contains a buffer overflow in "header_get_field_name()" (CAN-2005-1520).

Impact
======

A remote attacker can exploit the format string and integer overflow in imap4d to execute arbitrary code as the imap4d user, which is usually root. By sending a specially crafted email message, a remote attacker could exploit the buffer overflow in the "mail" utility to execute arbitrary code with the rights of the user running mail. Finally, a remote attacker can also trigger a Denial of Service by sending a malicious FETCH command to an affected imap4d, causing excessive resource consumption.

Workaround
==========

There are no known workarounds at this time.

Resolution
==========

All GNU Mailutils users should upgrade to the latest available version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-mail/mailutils-0.6-r1"

References
==========

  [ 1 ] CAN-2005-1520
  [ 2 ] CAN-2005-1521
  [ 3 ] CAN-2005-1522
  [ 4 ] CAN-2005-1523
  [ 5 ] iDEFENSE 05.25.05 advisories ;showYear=2005

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/200505-20

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to [email address hidden] or alternatively, you may file a bug at https://bugs.gentoo.org/.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.0/

Explore the Gentoo GLSA 2021-15 addressing critical vulnerabilities in OpenSSL that can lead to unauthorized access and system compromise. LinuxSecurity.com Team

May 27, 2005 Gentoo