![[LWN Logo]](/images/lwn.banner.gif)
Date: Mon, 7 Jun 1999 00:28:15 -0700
From: debian-security-announce@LISTS.DEBIAN.ORG
Subject: [SECURITY] New version if ipopd prevents exploit
To: BUGTRAQ@NETSPACE.ORG
-----BEGIN PGP SIGNED MESSAGE-----
We have received reports that the version of the imap suite
in Debian GNU/Linux 2.1 has a vulnerability in its POP-2 daemon,
which can be found in the ipopd package. Using this vulnerability
it is possible for remote users to get a shell as user "nobody"
on the server.
We recommend you upgrade your ipopd package immediately.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.1 alias slink
- --------------------------------
This version of Debian was released only for Intel, the Motorola
680x0, the alpha and the Sun sparc architecture.
Source archives:
http://security.debian.org/dists/stable/updates/source/imap_4.5-0slink2.diff.gz
MD5 checksum: 606f893869069eee68f4c1e31392af29
http://security.debian.org/dists/stable/updates/source/imap_4.5-0slink2.dsc
MD5 checksum: 93ed80a3619586ff9f3246003aca2448
http://security.debian.org/dists/stable/updates/source/imap_4.5.orig.tar.gz
MD5 checksum: 59afe4be5fcd17c20d241633a4a3d0ac
Sun Sparc architecture:
http://security.debian.org/dists/stable/updates/binary-sparc/c-client-dev_4.5-0slink2_sparc.deb
MD5 checksum: 2de5363a3ea9f27c1aa064c3102567cc
http://security.debian.org/dists/stable/updates/binary-sparc/imap_4.5-0slink2_sparc.deb
MD5 checksum: 87638b6ad06094f30ff6d2dddfd10b8b
http://security.debian.org/dists/stable/updates/binary-sparc/ipopd_4.5-0slink2_sparc.deb
MD5 checksum: aa6621e2f7e2df751489c397e9e169a8
Intel ia32 architecture:
http://security.debian.org/dists/stable/updates/binary-i386/c-client-dev_4.5-0slink2_i386.deb
MD5 checksum: fd92656c7281a4d8322b6da1285475cd
http://security.debian.org/dists/stable/updates/binary-i386/imap_4.5-0slink2_i386.deb
MD5 checksum: c92eaece7e431c84708909362afad07d
http://security.debian.org/dists/stable/updates/binary-i386/ipopd_4.5-0slink2_i386.deb
MD5 checksum: 29685847b0eef8307383a428b1d02be2
Motorola 680x0 architecture:
http://security.debian.org/dists/stable/updates/binary-m68k/c-client-dev_4.5-0slink2_m68k.deb
MD5 checksum: eeab449299e9f2d3fc97db69110b4432
http://security.debian.org/dists/stable/updates/binary-m68k/imap_4.5-0slink2_m68k.deb
MD5 checksum: 4bd0fbaa392b6013f6caa33b04578764
http://security.debian.org/dists/stable/updates/binary-m68k/ipopd_4.5-0slink2_m68k.deb
MD5 checksum: d43f502971afc531923903f3ac7b5b3f
Alpha architecture:
http://security.debian.org/dists/stable/updates/binary-alpha/c-client-dev_4.5-0slink2_alpha.deb
MD5 checksum: 6732ae9495ee29590ed85cc482fbda97
http://security.debian.org/dists/stable/updates/binary-alpha/imap_4.5-0slink2_alpha.deb
MD5 checksum: d0ee05b972d5d1bc1d066e2bae4d8c8b
http://security.debian.org/dists/stable/updates/binary-alpha/ipopd_4.5-0slink2_alpha.deb
MD5 checksum: 89c3931092537d0eb23fb50fa57f1bb0
These files will be copied into
ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.
Please note you can also use apt to always get the latest security
updates. To do so add the following line to /etc/apt/sources.list:
deb http://security.debian.org/ stable updates
- --
Debian GNU/Linux . Security Managers . security@debian.org
debian-security-announce@lists.debian.org
Christian Hudon . Wichert Akkerman . Martin Schulze
<chrish@debian.org> . <wakkerma@debian.org> . <joey@debian.org>
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
iQB1AwUBN1sKgajZR/ntlUftAQGqlgL/d+dzjkxSf0bVDuFmWmeMgH9UxhpJXAwV
0EAtFEY7oRyNpiRLHojnJ48sPviIetVsojHsz9w4uh787skIUJYdFTJN+/O+kxLq
TeF2k+ESbtLJav5QCnVrR7CfiIhYMLgx
=Z3ew
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org