Date: Mon, 5 Jun 2000 20:22:06 +0200
From: Wichert Akkerman <wichert@soil.nl>
To: debian-security-announce@lists.debian.org
Subject: [SECURITY] New version of mailx released

-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------
Debian Security Advisory                                 security@debian.org
http://www.debian.org/security/                            Daniel Jacobowitz
June 5, 2000
- ----------------------------------------------------------------------------

Package: mailx
Vulnerability: local exploit
Debian-specific: no

The version of mailx distributed in Debian GNU/Linux 2.1 (a.k.a. slink),
as well as in the frozen (potato) and unstable (woody) distributions is
vulnerable to a local buffer overflow while sending messages. This could
be exploited to give a shell running with group "mail".

This has been fixed in version 8.1.1-10.1, and we recommend that you
update your mailx package immediately.

Debian GNU/Linux 2.1 alias slink
- --------------------------------

  This version of Debian was released only for Intel ia32, the Motorola
  680x0, the Alpha, and the Sun Sparc architecture.

  Source archives:
    http://security.debian.org/dists/stable/updates/source/mailx_8.1.1-10.1.diff.gz
      MD5 checksum: 13866649fb581d9ca53e2e8c6bb70733
    http://security.debian.org/dists/stable/updates/source/mailx_8.1.1-10.1.dsc
      MD5 checksum: 87d8fd019a35aba4041ba12cbde64ee6
    http://security.debian.org/dists/stable/updates/source/mailx_8.1.1.orig.tar.gz
      MD5 checksum: c779002cb043b57fd5198ec2032cacb0

  Alpha architecture:
    http://security.debian.org/dists/stable/updates/binary-alpha/mailx_8.1.1-10.1_alpha.deb
      MD5 checksum: 6da920f8c1d5a4924e88982923cfe5bb

  Intel ia32 architecture:
    http://security.debian.org/dists/stable/updates/binary-i386/mailx_8.1.1-10.1_i386.deb
      MD5 checksum: f2b17ff796cc5209700f5d58803d9c77

  Motorola 680x0 architecture:
    http://security.debian.org/dists/stable/updates/binary-m68k/mailx_8.1.1-10.1_m68k.deb
      MD5 checksum: 908eece4836b1f021d6f29abdd8360a5

  Sun Sparc architecture:
    http://security.debian.org/dists/stable/updates/binary-sparc/mailx_8.1.1-10.1_sparc.deb
      MD5 checksum: e38842ada3f9eac9dd5b1ec836f0ea63

Debian 2.2 alias potato
- - -----------------------

  This version of Debian is not yet released. Fixes are currently
  available for Intel ia32, the Motorola 680x0, the Alpha, and the Sun
  Sparc architecture. Fixes for other architectures will be available
  soon.

  Source archives:
    http://security.debian.org/dists/potato/main/updates/source/mailx_8.1.1-10.1.diff.gz
      MD5 checksum: 13866649fb581d9ca53e2e8c6bb70733
    http://security.debian.org/dists/potato/main/updates/source/mailx_8.1.1-10.1.dsc
      MD5 checksum: 87d8fd019a35aba4041ba12cbde64ee6
    http://security.debian.org/dists/potato/main/updates/source/mailx_8.1.1.orig.tar.gz
      MD5 checksum: c779002cb043b57fd5198ec2032cacb0

  Alpha architecture:
    http://security.debian.org/dists/potato/main/updates/binary-alpha/mailx_8.1.1-10.1_alpha.deb
      MD5 checksum: 6da920f8c1d5a4924e88982923cfe5bb

  Intel ia32 architecture:
    http://security.debian.org/dists/potato/main/updates/binary-i386/mailx_8.1.1-10.1_i386.deb
      MD5 checksum: f2b17ff796cc5209700f5d58803d9c77

  Motorola 680x0 architecture:
    http://security.debian.org/dists/potato/main/updates/binary-m68k/mailx_8.1.1-10.1_m68k.deb
      MD5 checksum: 908eece4836b1f021d6f29abdd8360a5

  Sun Sparc architecture:
    http://security.debian.org/dists/potato/main/updates/binary-sparc/mailx_8.1.1-10.1_sparc.deb
      MD5 checksum: e38842ada3f9eac9dd5b1ec836f0ea63

Debian Unstable alias woody
- ---------------------------

  A fix will be available in the unstable archive soon.

- ----------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable updates
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates
Mailing list: debian-security-announce@lists.debian.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBOTvvoqjZR/ntlUftAQHtlgL6A2QY9ZB1v1bmy2lhv/r6ltak8mH9jpkD
0Mhr9K1rVsdCIU0CPlU9plafl9OiUcqzl98QOfO/ggdGqt4QcWsJd3MQTXcNACJz
DTExRhZHlAa5v0u+3Hfn/yoCqxde23ma
=JDwA
-----END PGP SIGNATURE-----

-- 
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
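
An added example, not part of the advisory: a Python check that reads the "URL / MD5 checksum" pairs in the layout used above and compares downloaded files against them. The function names and the sample data under `__main__` are constructed for illustration; the checksums are only as trustworthy as the PGP-signed text they come from, so verify the signature before relying on them.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# One "<URL> MD5 checksum: <32 hex digits>" entry, as laid out in the advisory.
ENTRY = re.compile(r"(\S+://\S+)\s+MD5 checksum:\s*([0-9a-fA-F]{32})\b")

def parse_manifest(advisory_text):
    """Return {file name: expected MD5} for every URL/checksum pair."""
    manifest = {}
    for url, digest in ENTRY.findall(advisory_text):
        name, digest = url.rsplit("/", 1)[-1], digest.lower()
        # The same file can be listed for several releases (slink and potato
        # here); two different digests for one name means the text is suspect.
        if manifest.setdefault(name, digest) != digest:
            raise ValueError(f"conflicting checksums for {name}")
    return manifest

def md5_of(path, chunk=1 << 16):
    """Hash a file in chunks so large packages are not read into memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_downloads(advisory_text, directory):
    """Label each file in `directory` as 'ok', 'mismatch' or 'unlisted'."""
    manifest = parse_manifest(advisory_text)
    results = {}
    for path in sorted(Path(directory).iterdir()):
        if not path.is_file():
            continue
        expected = manifest.get(path.name)
        if expected is None:
            results[path.name] = "unlisted"  # not covered by the advisory
        else:
            results[path.name] = "ok" if md5_of(path) == expected else "mismatch"
    return results

if __name__ == "__main__":
    # Constructed sample: a stand-in package and an advisory line naming it.
    payload = b"constructed package bytes"
    text = ("http://mirror.invalid/updates/pkg_1.0_i386.deb\n"
            f"  MD5 checksum: {hashlib.md5(payload).hexdigest()}\n")
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "pkg_1.0_i386.deb").write_bytes(payload)
        Path(tmp, "stray.deb").write_bytes(b"not in the advisory")
        for name, status in verify_downloads(text, tmp).items():
            print(f"{status:9} {name}")
```

Only files reported as `ok` should be passed to `dpkg -i`; treat `mismatch` and `unlisted` as a failed download.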