=========================================================================
Ubuntu Security Notice USN-4621-1
November 05, 2020

netqmail vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

netqmail could be made to crash if it received specially crafted input.

Software Description:
- netqmail: a secure, reliable, efficient, simple message transfer agent

Details:

It was discovered that netqmail did not properly handle certain input.
Both remote and local attackers could use this vulnerability to cause
netqmail to crash or execute arbitrary code. (CVE-2005-1513,
CVE-2005-1514, CVE-2005-1515)

It was discovered that netqmail did not properly handle certain input
when validating email addresses. An attacker could use this to bypass
email address validation. (CVE-2020-3811)

It was discovered that netqmail did not properly handle certain input
when validating email addresses. An attacker could use this
vulnerability to cause netqmail to disclose sensitive information.
(CVE-2020-3812)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  qmail 1.06-6.2~deb10u1build0.18.04.1

Ubuntu 16.04 LTS:
  qmail 1.06-6.2~deb10u1build0.16.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4621-1
  CVE-2005-1513, CVE-2005-1514, CVE-2005-1515, CVE-2020-3811,
  CVE-2020-3812

Package Information:
  https://launchpad.net/ubuntu/+source/netqmail/1.06-6.2~deb10u1build0.18.04.1
  https://launchpad.net/ubuntu/+source/netqmail/1.06-6.2~deb10u1build0.16.04.1

The latest Ubuntu Security Notice USN-4621-1 highlights issues in netqmail, which could lead to system instability through specially designed inputs.
LinuxSecurity.com Team
=========================================================================
Ubuntu Security Notice USN-4556-1
September 29, 2020

netqmail vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

netqmail could be made to crash or run programs as any user (except root)
if it received specially crafted network traffic.

Software Description:
- netqmail: a secure, reliable, efficient, simple message transfer agent

Details:

It was discovered that netqmail did not properly handle certain input.
Both remote and local attackers could use this vulnerability to cause
netqmail to crash or execute arbitrary code. (CVE-2005-1513,
CVE-2005-1514, CVE-2005-1515)

It was discovered that netqmail did not properly handle certain input
when validating email addresses. An attacker could use this to bypass
email address validation. (CVE-2020-3811)

It was discovered that netqmail did not properly handle certain input
when validating email addresses. An attacker could use this
vulnerability to cause netqmail to disclose sensitive information.
(CVE-2020-3812)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  qmail 1.06-6.2~deb10u1build0.20.04.1
  qmail-uids-gids 1.06-6.2~deb10u1build0.20.04.1

In general, a standard system update will make all the necessary changes.

References:
  CVE-2005-1513, CVE-2005-1514, CVE-2005-1515, CVE-2020-3811,
  CVE-2020-3812

Package Information:
  https://launchpad.net/ubuntu/+source/netqmail/1.06-6.2~deb10u1build0.20.04.1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202007-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: netqmail: Multiple vulnerabilities
     Date: July 26, 2020
     Bugs: #721566
       ID: 202007-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in netqmail, the worst of
which could result in the arbitrary execution of code.

Background
==========

qmail is a secure, reliable, efficient, simple message transfer agent.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  mail-mta/netqmail          < 1.06-r13                 >= 1.06-r13

Description
===========

Multiple vulnerabilities have been discovered in netqmail. Please
review the CVE identifiers referenced below for details.

Impact
======

In the default configuration, these vulnerabilities are only local.
Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All netqmail users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=mail-mta/netqmail-1.06-r13"

References
==========

[ 1 ] CVE-2005-1513
      https://nvd.nist.gov/vuln/detail/CVE-2005-1513
[ 2 ] CVE-2005-1514
      https://nvd.nist.gov/vuln/detail/CVE-2005-1514
[ 3 ] CVE-2005-1515
      https://nvd.nist.gov/vuln/detail/CVE-2005-1515

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202007-01

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
Package        : netqmail
Version        : 1.06-6.2~deb8u1
CVE ID         : CVE-2005-1513 CVE-2005-1514 CVE-2005-1515 CVE-2020-3811
                 CVE-2020-3812
Debian Bug     : 961060

There were several CVE bugs reported against src:netqmail.

CVE-2005-1513

    Integer overflow in the stralloc_readyplus function in qmail,
    when running on 64 bit platforms with a large amount of virtual
    memory, allows remote attackers to cause a denial of service
    and possibly execute arbitrary code via a large SMTP request.

CVE-2005-1514

    commands.c in qmail, when running on 64 bit platforms with a
    large amount of virtual memory, allows remote attackers to
    cause a denial of service and possibly execute arbitrary code
    via a long SMTP command without a space character, which causes
    an array to be referenced with a negative index.

CVE-2005-1515

    Integer signedness error in the qmail_put and substdio_put
    functions in qmail, when running on 64 bit platforms with a
    large amount of virtual memory, allows remote attackers to
    cause a denial of service and possibly execute arbitrary code
    via a large number of SMTP RCPT TO commands.

CVE-2020-3811

    qmail-verify as used in netqmail 1.06 is prone to a
    mail-address verification bypass vulnerability.

CVE-2020-3812

    qmail-verify as used in netqmail 1.06 is prone to an
    information disclosure vulnerability. A local attacker can
    test for the existence of files and directories anywhere in
    the filesystem because qmail-verify runs as root and tests
    for the existence of files in the attacker's home directory,
    without dropping its privileges first.

For Debian 8 "Jessie", these problems have been fixed in version
1.06-6.2~deb8u1.

We recommend that you upgrade your netqmail packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Best,
Utkarsh
Netqmail security notice highlighting CVE-2005-1513 and additional concerns for Debian LTS users. Update advised for enhanced security.
Georgi Guninski and the Qualys Research Labs discovered multiple vulnerabilities in qmail (shipped in Debian as netqmail with additional patches) which could result in the execution of arbitrary code, bypass of mail address verification and a local information leak whether a file

-------------------------------------------------------------------------
Debian Security Advisory DSA-4692-1