Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 486
Alerts This Week
Warning Icon 1 486

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -4 articles for you...
91

Gentoo: GLSA-200603-16 Critical: Metamail Buffer Overflow Issue

A buffer overflow in Metamail could possibly be exploited to execute arbitrary code.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200603-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Metamail: Buffer overflow Date: March 17, 2006 Bugs: #126052 ID: 200603-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A buffer overflow in Metamail could possibly be exploited to execute arbitrary code. Background ========= Metamail is a program that decodes MIME encoded mail. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-mail/metamail < 2.7.45.3-r1 > = 2.7.45.3-r1 Description ========== Ulf Harnhammar discovered a buffer overflow in Metamail when processing mime boundraries. Impact ===== By sending a specially crafted email, attackers could potentially exploit this vulnerability to crash Metamail or to execute arbitrary code. Workaround ========= There is no known workaround at this time. Resolution ========= All Metamail users should update to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =net-mail/metamail-2.7.45.3-r1" References ========= [ 1 ] CVE-2006-0709 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200603-16 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any securityconcerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org/. License ====== Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.0/ . A critical vulnerability has been found in the Metamail app affecting Gentoo distributions. Immediate updates are crucial to reduce risks of unauthorized code execution. Gentoo Security, Metamail Fix, High Severity, Buffer Overflow Issue. . LinuxSecurity.com Team

Calendar%202 Mar 17, 2006 Gentoo
87

Debian: DSA 995-1 Moderate: Metamail Buffer Overflow Risk

Updated package.. - --------------------------------------------------------------------------Debian Security Advisory DSA 995-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Steve Kemp March 13th, 2006 http://www.debian.org/security/faq - --------------------------------------------------------------------------Package : metamail Vulnerability : buffer overflow Problem type : remote Debian-specific: no CVE ID : CVE-2006-0709 BugTraq ID : 16611 Debian Bug : 352482 Ulf Harnhammar discoverd a buffer overflow in metamail, an implementation of MIME (Multi-purpose Internet Mail Extensions), that could lead to a denial of service or potentially execute arbitrary code when processing messages. For the old stable distribution (woody) this problem has been fixed in version 2.7-45woody.4. For the stable distribution (sarge) this problem has been fixed in version 2.7-47sarge1. For the unstable distribution (sid) this problem has been fixed in version 2.7-51. We recommend that you upgrade your metamail package. Upgrade Instructions - --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: Size/MD5 checksum: 613 6ee8aeff0f14e5d799a670fe727039c7 Size/MD5 checksum: 333628 22588d5a91f53fdc1a6458c5519d2512 Size/MD5 checksum: 156656 c6967e9bc5d3c919764b02df24efca01 Alpha architecture: Size/MD5 checksum: 166084 a45a36ff283de7cb3ab3e43694f90c45 ARMarchitecture: Size/MD5 checksum: 153404 52e740cb6dbc32c860da10010bb90571 Intel IA-32 architecture: Size/MD5 checksum: 150578 4d3e962558adfd7f43859b9f7fd30450 Intel IA-64 architecture: Size/MD5 checksum: 205790 1e9d9f11ca4fbb1863db2e205d808c23 HP Precision architecture: Size/MD5 checksum: 153406 7897b81f6f0ee82abbcf415e258d8c9d Motorola 680x0 architecture: Size/MD5 checksum: 146400 a3cc53e414d0e60e54e4ac92849b4d0d Big endian MIPS architecture: Size/MD5 checksum: 158558 82cd3b0bb263e24f0a6f7c500a01d0af Little endian MIPS architecture: Size/MD5 checksum: 158562 b0a037641e1fa292decffa319cf75daf PowerPC architecture: Size/MD5 checksum: 148694 f326ccce8fd7cf2445e0f716fcc65143 IBM S/390 architecture: Size/MD5 checksum: 151512 ad0e4e1d1ee73ac300e4f1dc07bcfb5d Sun Sparc architecture: Size/MD5 checksum: 155492 cf37f006621cbff83fb236afd8bfc223 Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: Size/MD5 checksum: 594 3131f64cf684d62318636b8589acbc94 Size/MD5 checksum: 340408 165af1d9cff83f10103ebddfdb90f2ad Size/MD5 checksum: 156656 c6967e9bc5d3c919764b02df24efca01 Alpha architecture: Size/MD5 checksum: 168190 f31837660b8971eecd951def396c0379 AMD64 architecture: Size/MD5 checksum: 160420 ff733653f1d7df67115d61fa8df86406 ARM architecture: Size/MD5 checksum: 154186 937894d91d29082fa76ffea6d54e756f Intel IA-32 architecture: Size/MD5 checksum: 148676 58b08e364eefebe313a6fb6308ed5bf9 Intel IA-64 architecture: Size/MD5 checksum: 198062 fce924b058a6b833bf18f9f2ecbc4456 HP Precision architecture: Size/MD5 checksum: 159538 7bd1f8661de8ef52f7391022a12b023b Motorola 680x0 architecture: Size/MD5 checksum: 14833403af976c9a4f9e84493b8740ec97d459 Big endian MIPS architecture: Size/MD5 checksum: 166488 c228360db9655a46526ae72ff190d170 Little endian MIPS architecture: Size/MD5 checksum: 166320 120c2c081b45c4d7d90a58e65a11f984 PowerPC architecture: Size/MD5 checksum: 160878 ada001589f143bbe6215f12507ce6c4c IBM S/390 architecture: Size/MD5 checksum: 158718 0f70d83bff2a30d8dab1d798072d4157 Sun Sparc architecture: Size/MD5 checksum: 152086 b4776767e71f5202a4a188d032762b24 These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------For apt-get: deb https://www.debian.org/security/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Debian Security Advisory DSA 995-1 http://www.debian.org/security/ Steve Kemp March 13th, 2006 http:. updated, package, --------------------------------------------------------------------------debian. . LinuxSecurity.com Team

Calendar%202 Mar 13, 2006 Debian
91

Gentoo: 200405-17 Alert - Metamail Vulnerability for Code Execution

Several format string bugs and buffer overflows were discovered in metamail, potentially allowing execution of arbitrary code remotely.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200405-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Multiple vulnerabilities in metamail Date: May 21, 2004 Bugs: #42133 ID: 200405-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Several format string bugs and buffer overflows were discovered in metamail, potentially allowing execution of arbitrary code remotely. Background ========= Metamail is a program that decodes MIME encoded mail. It is therefore often automatically called when an email is received or read. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-mail/metamail < 2.7.45.3 > = 2.7.45.3 Description ========== Ulf Harnhammar found two format string bugs and two buffer overflow bugs in Metamail. Impact ===== A remote attacker could send a malicious email message and execute arbitrary code with the rights of the process calling the Metamail program. Workaround ========= There is no known workaround at this time. Resolution ========= All users of Metamail should upgrade to the latest stable version: # emerge sync # emerge -pv "> =net-mail/metamail-2.7.45.3" # emerge "> =net-mail/metamail-2.7.45.3" References ========= [ 1 ] CAN-2004-0104 https://www.cve.org/CVERecord?id=CVE-CAN-2004-0104 [ 2 ]CAN-2004-0105 https://www.cve.org/CVERecord?id=CVE-CAN-2004-0105 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200405-17 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org/. License ====== Copyright 2004 Gentoo Technologies, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/1.0/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - iD8DBQFArltcvcL1obalX08RArLOAJ9YFERhJfcJrzZthA7HVjbLmyxazwCgqghl l/eXbhtKh4BVtCGmVPSD2zs=GdJa -----END PGP SIGNATURE----- . Uncover the critical security flaws found in Metamail on Gentoo; essential update guidelines provided.. Gentoo Metamail Risks, Code Execution Threats, Buffer Overflow. . LinuxSecurity.com Team

Calendar%202 May 21, 2004 Gentoo
87

Debian 3.0 DSA 449-1 Critical: Metamail Remote Code Execution Issue

An attacker could create a carefully-crafted mail message which will execute arbitrary code as the victim when it is opened and parsed through metamail.. Debian Security Advisory DSA 449-1 This email address is being protected from spambots. You need JavaScript enabled to view it. Debian -- Security Information Martin Schulze February 24th, 2004 Debian -- Debian security FAQ - -------------------------------------------------------------------------- Package : metamail Vulnerability : buffer overflow, format string bugs Problem-Type : remote Debian-specific: no CVE ID : CAN-2004-0104 CAN-2004-0105 Ulf Härnhammar discovered two format string bugs (CAN-2004-0104) and two buffer overflow bugs (CAN-2004-0105) in metamail, an implementation of MIME. An attacker could create a carefully-crafted mail message which will execute arbitrary code as the victim when it is opened and parsed through metamail. We have been devoting some effort to trying to avoid shipping metamail in the future. It became unmaintainable and these are probably not the last of the vulnerabilities. For the stable distribution (woody) these problems have been fixed in version 2.7-45woody.2. For the unstable distribution (sid) these problems will be fixed in version 2.7-45.2. We recommend that you upgrade your metamail package. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: Size/MD5 checksum: 613 eb8246a16fb3e6dbbd80247b53ae8153 Size/MD5 checksum: 333224 532b053589bc1038ea55d340ab93ee6e Size/MD5 checksum: 156656 c6967e9bc5d3c919764b02df24efca01 Alpha architecture: Size/MD5 checksum: 165818 92127db2f58390fdbb168c9cf2ccc2ce ARM architecture: Size/MD5 checksum: 153160 72b8d81c7c4a9027b508c45fd5d8b39e Intel IA-32 architecture: Size/MD5 checksum: 150252 2f3905d2923d8ecded2df290762b3c56 Intel IA-64 architecture: Size/MD5 checksum: 205530 8cfce92a64a7df4c9630f3214aafc9e7 HP Precision architecture: Size/MD5 checksum: 153204 4e49ebddf0830708fb30a6cc0bfb064b Motorola 680x0 architecture: Size/MD5 checksum: 146136 45fe19d01f7f76e394a09264bc2f57fb Big endian MIPS architecture: Size/MD5 checksum: 158316 1b4ad52779b866c71c06f68f1c62e195 Little endian MIPS architecture: Size/MD5 checksum: 158310 97c128e30297e62459bd9d277c407b33 PowerPC architecture: Size/MD5 checksum: 148476 a7b070e618315e1a45690c701f532435 IBM S/390 architecture: Size/MD5 checksum: 151256 121b87823b2a3e4ead430bd4c165526e Sun Sparc architecture: Size/MD5 checksum: 155234 24e5afafa0c3eb18540267e12651a337 These files will probably be moved into the stable distribution on its next revision. - --------------------------------------------------------------------------------- For apt-get: deb Debian -- Security Information stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. Package info: `apt-cache show ' and https://www.debian.org/distrib/packages . Debian's DSA-449-1 addresses serious vulnerabilities in Metamail, allowing remote code execution risks.. Debian Security, Metamail Flaws, Remote Exploit Issues, Buffer Overflow Risks. . LinuxSecurity.com Team

Calendar%202 Feb 24, 2004 Debian
99

Slackware: 2004-049-02 Critical: Metamail Unauthorized Code Exec Threat

Metamail is a set of utilities for processing MIME mail. New metamail packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix two format string bugs and two buffer overflows which could lead to unauthorized code execution. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] metamail security update (SSA:2004-049-02) Metamail is a set of utilities for processing MIME mail. New metamail packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix two format string bugs and two buffer overflows which could lead to unauthorized code execution. Thanks to Ulf Härnhammar for discovering these problems and providing a patch. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: https://www.cve.org/CVERecord?id=CVE-CAN-2004-0104 https://www.cve.org/CVERecord?id=CVE-CAN-2004-0105 Here are the details from the Slackware 9.1 ChangeLog: +--------------------------+ Wed Feb 18 03:44:42 PST 2004 patches/packages/metamail-2.7-i486-2.tgz: Patched two format string bugs and two buffer overflows in metamail which could lead to unauthorized code execution. Thanks to Ulf Härnhammar for discovering these problems and providing a patch. (* Security fix *) +--------------------------+ WHERE TO FIND THE NEW PACKAGE: +-----------------------------+ Updated package for Slackware 8.1: ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/metamail-2.7-i386-2.tgz Updated package for Slackware 9.0: ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/metamail-2.7-i386-2.tgz Updated package for Slackware 9.1: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/metamail-2.7-i486-2.tgz Updated package for Slackware -current: MD5 SIGNATURES: +-------------+ Slackware 8.1 package: 2472a9ac8eefc7d919c0dff517651be6 metamail-2.7-i386-2.tgz Slackware 9.0 package: 4f283c4ad8429fd0e9ed92f3e95e93c7 metamail-2.7-i386-2.tgz Slackware 9.1package: d9947ffb77c68930ed4826dfab4af91b metamail-2.7-i486-2.tgz Slackware -current package: d9947ffb77c68930ed4826dfab4af91b metamail-2.7-i486-2.tgz INSTALLATION INSTRUCTIONS: +------------------------+ Upgrade the metamail package with upgradepkg: # upgradepkg metamail-2.7-i486-2.tgz +-----+ . Metamail for Arch Linux has been patched with essential updates to fix format string vulnerabilities and stack overflow concerns.. Metamail Security Update, Slackware Package Fix, MIME Code Execution. . LinuxSecurity.com Team

Calendar%202 Feb 18, 2004 Slackware
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200