Debians sikkerhedsbulletin

DSA-732-1 mailutils -- flere sårbarheder

Rapporteret den:

3. jun 2005

Berørte pakker:

mailutils

Sårbar:

Referencer i sikkerhedsdatabaser:

I Mitres CVE-ordbog: CVE-2005-1520, CVE-2005-1521, CVE-2005-1522, CVE-2005-1523.

Yderligere oplysninger:

"infamous41md" har opdaget flere sårbarheder i pakken GNU mailutils, der indeholder værktøjer til håndtering af e-mail. Disse problemer kan medføre lammelsesangreb eller udførelse af vilkårlig kode. Projektet Common Vulnerabilities and Exposures har fundet frem til følgende sårbarheder.

CAN-2005-1520
Bufferoverløb i håndteringen af mailheader kan gøre det muligt for en fjernangriber at udføre kommandoer med rettighederne hørende til den bruger, det går ud over.
CAN-2005-1521
Et kombineret heltals- og heapoverløb i fetch-rutinen kan føre til udførelse af vilkårlig kode.
CAN-2005-1522
Lammelsesangreb i fetch-rutinen.
CAN-2005-1523
Formatstrengssårbarhed kan føre til udførelse af vilkårlig kode.

I den stabile distribution (woody) er disse problemer rettet i version 20020409-1woody2.

I distributionen testing (sarge) er disse problemer rettet i version 0.6.1-4.

I den ustabile distribution (sid) er disse problemer rettet i version 0.6.1-4.

Vi anbefaler at du opgraderer dine mailutils-pakker.

Rettet i:

Debian GNU/Linux 3.0 (woody)

Kildekode:: http://security.debian.org/pool/updates/main/m/mailutils/mailutils_20020409-1woody2.dsc; http://security.debian.org/pool/updates/main/m/mailutils/mailutils_20020409-1woody2.tar.gz
Arkitekturuafhængig komponent:: http://security.debian.org/pool/updates/main/m/mailutils/mailutils-doc_20020409-1woody2_all.deb
Alpha:: http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_20020409-1woody2_alpha.deb; http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_20020409-1woody2_alpha.deb; http://security.debian.org/pool/updates/main/m/mailutils/mailutils_20020409-1woody2_alpha.deb; http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_20020409-1woody2_alpha.deb; http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_20020409-1woody2_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_20020409-1woody2_arm.deb; http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_20020409-1woody2_arm.deb; http://security.debian.org/pool/updates/main/m/mailutils/mailutils_20020409-1woody2_arm.deb; http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_20020409-1woody2_arm.deb; http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_20020409-1woody2_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_20020409-1woody2_i386.deb; http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_20020409-1woody2_i386.deb; http://security.debian.org/pool/updates/main/m/mailutils/mailutils_20020409-1woody2_i386.deb; http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_20020409-1woody2_i386.deb; http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_20020409-1woody2_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_20020409-1woody2_ia64.deb; http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_20020409-1woody2_ia64.deb; http://security.debian.org/pool/updates/main/m/mailutils/mailutils_20020409-1woody2_ia64.deb; http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_20020409-1woody2_ia64.deb; http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_20020409-1woody2_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_20020409-1woody2_hppa.deb; http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_20020409-1woody2_hppa.deb; http://security.debian.org/pool/updates/main/m/mailutils/mailutils_20020409-1woody2_hppa.deb; http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_20020409-1woody2_hppa.deb; http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_20020409-1woody2_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_20020409-1woody2_m68k.deb; http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_20020409-1woody2_m68k.deb; http://security.debian.org/pool/updates/main/m/mailutils/mailutils_20020409-1woody2_m68k.deb; http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_20020409-1woody2_m68k.deb; http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_20020409-1woody2_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_20020409-1woody2_mips.deb; http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_20020409-1woody2_mips.deb; http://security.debian.org/pool/updates/main/m/mailutils/mailutils_20020409-1woody2_mips.deb; http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_20020409-1woody2_mips.deb; http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_20020409-1woody2_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_20020409-1woody2_mipsel.deb; http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_20020409-1woody2_mipsel.deb; http://security.debian.org/pool/updates/main/m/mailutils/mailutils_20020409-1woody2_mipsel.deb; http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_20020409-1woody2_mipsel.deb; http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_20020409-1woody2_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_20020409-1woody2_powerpc.deb; http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_20020409-1woody2_powerpc.deb; http://security.debian.org/pool/updates/main/m/mailutils/mailutils_20020409-1woody2_powerpc.deb; http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_20020409-1woody2_powerpc.deb; http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_20020409-1woody2_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_20020409-1woody2_s390.deb; http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_20020409-1woody2_s390.deb; http://security.debian.org/pool/updates/main/m/mailutils/mailutils_20020409-1woody2_s390.deb; http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_20020409-1woody2_s390.deb; http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_20020409-1woody2_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_20020409-1woody2_sparc.deb; http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_20020409-1woody2_sparc.deb; http://security.debian.org/pool/updates/main/m/mailutils/mailutils_20020409-1woody2_sparc.deb; http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_20020409-1woody2_sparc.deb; http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_20020409-1woody2_sparc.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.