Date: Mon, 7 Jun 1999 00:28:15 -0700 From: debian-security-announce@LISTS.DEBIAN.ORG Subject: [SECURITY] New version if ipopd prevents exploit To: BUGTRAQ@NETSPACE.ORG -----BEGIN PGP SIGNED MESSAGE----- We have received reports that the version of the imap suite in Debian GNU/Linux 2.1 has a vulnerability in its POP-2 daemon, which can be found in the ipopd package. Using this vulnerability it is possible for remote users to get a shell as user "nobody" on the server. We recommend you upgrade your ipopd package immediately. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. Debian GNU/Linux 2.1 alias slink - -------------------------------- This version of Debian was released only for Intel, the Motorola 680x0, the alpha and the Sun sparc architecture. Source archives: http://security.debian.org/dists/stable/updates/source/imap_4.5-0slink2.diff.gz MD5 checksum: 606f893869069eee68f4c1e31392af29 http://security.debian.org/dists/stable/updates/source/imap_4.5-0slink2.dsc MD5 checksum: 93ed80a3619586ff9f3246003aca2448 http://security.debian.org/dists/stable/updates/source/imap_4.5.orig.tar.gz MD5 checksum: 59afe4be5fcd17c20d241633a4a3d0ac Sun Sparc architecture: http://security.debian.org/dists/stable/updates/binary-sparc/c-client-dev_4.5-0slink2_sparc.deb MD5 checksum: 2de5363a3ea9f27c1aa064c3102567cc http://security.debian.org/dists/stable/updates/binary-sparc/imap_4.5-0slink2_sparc.deb MD5 checksum: 87638b6ad06094f30ff6d2dddfd10b8b http://security.debian.org/dists/stable/updates/binary-sparc/ipopd_4.5-0slink2_sparc.deb MD5 checksum: aa6621e2f7e2df751489c397e9e169a8 Intel ia32 architecture: http://security.debian.org/dists/stable/updates/binary-i386/c-client-dev_4.5-0slink2_i386.deb MD5 checksum: fd92656c7281a4d8322b6da1285475cd http://security.debian.org/dists/stable/updates/binary-i386/imap_4.5-0slink2_i386.deb MD5 checksum: c92eaece7e431c84708909362afad07d http://security.debian.org/dists/stable/updates/binary-i386/ipopd_4.5-0slink2_i386.deb MD5 checksum: 29685847b0eef8307383a428b1d02be2 Motorola 680x0 architecture: http://security.debian.org/dists/stable/updates/binary-m68k/c-client-dev_4.5-0slink2_m68k.deb MD5 checksum: eeab449299e9f2d3fc97db69110b4432 http://security.debian.org/dists/stable/updates/binary-m68k/imap_4.5-0slink2_m68k.deb MD5 checksum: 4bd0fbaa392b6013f6caa33b04578764 http://security.debian.org/dists/stable/updates/binary-m68k/ipopd_4.5-0slink2_m68k.deb MD5 checksum: d43f502971afc531923903f3ac7b5b3f Alpha architecture: http://security.debian.org/dists/stable/updates/binary-alpha/c-client-dev_4.5-0slink2_alpha.deb MD5 checksum: 6732ae9495ee29590ed85cc482fbda97 http://security.debian.org/dists/stable/updates/binary-alpha/imap_4.5-0slink2_alpha.deb MD5 checksum: d0ee05b972d5d1bc1d066e2bae4d8c8b http://security.debian.org/dists/stable/updates/binary-alpha/ipopd_4.5-0slink2_alpha.deb MD5 checksum: 89c3931092537d0eb23fb50fa57f1bb0 These files will be copied into ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon. Please note you can also use apt to always get the latest security updates. To do so add the following line to /etc/apt/sources.list: deb http://security.debian.org/ stable updates - -- Debian GNU/Linux . Security Managers . security@debian.org debian-security-announce@lists.debian.org Christian Hudon . Wichert Akkerman . Martin Schulze <chrish@debian.org> . <wakkerma@debian.org> . <joey@debian.org> -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv iQB1AwUBN1sKgajZR/ntlUftAQGqlgL/d+dzjkxSf0bVDuFmWmeMgH9UxhpJXAwV 0EAtFEY7oRyNpiRLHojnJ48sPviIetVsojHsz9w4uh787skIUJYdFTJN+/O+kxLq TeF2k+ESbtLJav5QCnVrR7CfiIhYMLgx =Z3ew -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org