- ------------------------------------------------------------------------
Debian Security Advisory DSA-257-2                   security@debian.org 
Debian -- Security Information                          Wichert Akkerman
March  4, 2003
- ------------------------------------------------------------------------


Package        : sendmail-wide
Problem type   : remote exploit
Debian-specific: no

This advisory is an addendum to DSA-257-1; the sendmail problem
discussed there also applies to the sendmail-wide packages.

Mark Dowd of ISS X-Force found a bug in the header parsing routines
of sendmail: it could overflow a buffer when encountering addresses
specially crafted addresses.

This has been fixed in version 8.9.3+3.2W-24 of the package for Debian
GNU/Linux 2.2/potato and version 8.12.3+3.5Wbeta-5.2 of the package
for Debian GNU/Linux 3.0/woody.

- ------------------------------------------------------------------------

Obtaining updates:

  By hand:
    wget URL
        will fetch the file for you.
    dpkg -i FILENAME.deb
        will install the fetched file.

  With apt:
    deb  Debian -- Security Information  stable/updates main
        added to /etc/apt/sources.list will provide security updates

Additional information can be found on the Debian security webpages
at  Debian -- Security Information 

- ------------------------------------------------------------------------


Debian GNU/Linux 2.2 alias potato
- ---------------------------------

  Potato was released for alpha, arm, i386, m68k, powerpc and sparc. At
  this moment updates for the arm architecture are not yet available.


  Source archives:

      
      Size/MD5 checksum:      541 c93cca69438ee75976517187d4f8d664
      
      Size/MD5 checksum:  1272761 2905292d7c17de5a1ae31d2ebf5c344c

  alpha architecture (DEC Alpha)

      
      Size/MD5 checksum:   302696 87b2cce86f430f8825439ecab1a405f8

  i386 architecture (Intel ia32)

      
      Size/MD5 checksum:   217618 7da2aeb124ff0da6a596b429a64415ab

  m68k architecture (Motorola Mc680x0)

      
      Size/MD5 checksum:   202468 f66310eab0cca7ba0dcc6f55407a6359

  powerpc architecture (PowerPC)

      
      Size/MD5 checksum:   242646 7887c26fb5b701f56b9f4836e50f152d

  sparc architecture (Sun SPARC/UltraSPARC)

      
      Size/MD5 checksum:   236450 ef7e06fe112024b51a09857da19c7139


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Woody was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel,
  powerpc, s390 and sparc. 


  Source archives:

      
      Size/MD5 checksum:      738 13e84b5fad4146ae8b09a3c53def1425
      
      Size/MD5 checksum:  1870451 4c7036e8042bae10a90da4a84a717963
      
      Size/MD5 checksum:   324768 d97da94eafadfb9c31dd7678fbb39c62

  alpha architecture (DEC Alpha)

      
      Size/MD5 checksum:   440346 481ec19be09824cb2394b990149396db

  arm architecture (ARM)

      
      Size/MD5 checksum:   369224 708693168ed3f0268fc9b346d4ffae13

  hppa architecture (HP PA RISC)

      
      Size/MD5 checksum:   413364 9bb9609e2f215e5f42e3c540563fc12e

  i386 architecture (Intel ia32)

      
      Size/MD5 checksum:   328606 c76a156b74928a1ba796a3a3b48d7423

  ia64 architecture (Intel ia64)

      
      Size/MD5 checksum:   574706 d1a2522112c46ff60d1cbaefdb49e2d7

  m68k architecture (Motorola Mc680x0)

      
      Size/MD5 checksum:   300600 6688599f9af8d95b174916283b28289b

  mips architecture (MIPS (Big Endian))

      
      Size/MD5 checksum:   378150 facb8c33943fa62c88713021a351e79c

  mipsel architecture (MIPS (Little Endian))

      
      Size/MD5 checksum:   380108 867a14a01572fb747d81932b7106a429

  powerpc architecture (PowerPC)

      
      Size/MD5 checksum:   362674 5380a764a53eca533a709ad631fba0d8

  s390 architecture (IBM S/390)

      
      Size/MD5 checksum:   354562 6a21b7f3ced620789e35df583d6411fd

  sparc architecture (Sun SPARC/UltraSPARC)

      
      Size/MD5 checksum:   355768 36c642bd24104fb94f33a8680af0058b

- -- 
- ----------------------------------------------------------------------------
Debian Security team <team@security.debian.org> 
Debian -- Security Information 
Mailing-List: debian-security-announce@lists.debian.org

Debian: sendmail-wide remote exploit

March 5, 2003
This advisory is an addendum to DSA-257-1; the sendmail problem discussed there also applies to the sendmail-wide packages.

Summary

Package : sendmail-wide
Problem type : remote exploit
Debian-specific: no

This advisory is an addendum to DSA-257-1; the sendmail problem
discussed there also applies to the sendmail-wide packages.

Mark Dowd of ISS X-Force found a bug in the header parsing routines
of sendmail: it could overflow a buffer when encountering addresses
specially crafted addresses.

This has been fixed in version 8.9.3+3.2W-24 of the package for Debian
GNU/Linux 2.2/potato and version 8.12.3+3.5Wbeta-5.2 of the package
for Debian GNU/Linux 3.0/woody.


Obtaining updates:

By hand:
wget URL
will fetch the file for you.
dpkg -i FILENAME.deb
will install the fetched file.

With apt:
deb Debian -- Security Information stable/updates main
added to /etc/apt/sources.list will provide security updates

Additional information can be found on the Debian security webpages
at Debian -- Security Information



Debian GNU/Linux 2.2 alias potato

Potato was released for alpha, arm, i386, m68k, powerpc and sparc. At
this moment updates for the arm architecture are not yet available.


Source archives:


Size/MD5 checksum: 541 c93cca69438ee75976517187d4f8d664

Size/MD5 checksum: 1272761 2905292d7c17de5a1ae31d2ebf5c344c

alpha architecture (DEC Alpha)


Size/MD5 checksum: 302696 87b2cce86f430f8825439ecab1a405f8

i386 architecture (Intel ia32)


Size/MD5 checksum: 217618 7da2aeb124ff0da6a596b429a64415ab

m68k architecture (Motorola Mc680x0)


Size/MD5 checksum: 202468 f66310eab0cca7ba0dcc6f55407a6359

powerpc architecture (PowerPC)


Size/MD5 checksum: 242646 7887c26fb5b701f56b9f4836e50f152d

sparc architecture (Sun SPARC/UltraSPARC)


Size/MD5 checksum: 236450 ef7e06fe112024b51a09857da19c7139


Debian GNU/Linux 3.0 alias woody

Woody was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel,
powerpc, s390 and sparc.


Source archives:


Size/MD5 checksum: 738 13e84b5fad4146ae8b09a3c53def1425

Size/MD5 checksum: 1870451 4c7036e8042bae10a90da4a84a717963

Size/MD5 checksum: 324768 d97da94eafadfb9c31dd7678fbb39c62

alpha architecture (DEC Alpha)


Size/MD5 checksum: 440346 481ec19be09824cb2394b990149396db

arm architecture (ARM)


Size/MD5 checksum: 369224 708693168ed3f0268fc9b346d4ffae13

hppa architecture (HP PA RISC)


Size/MD5 checksum: 413364 9bb9609e2f215e5f42e3c540563fc12e

i386 architecture (Intel ia32)


Size/MD5 checksum: 328606 c76a156b74928a1ba796a3a3b48d7423

ia64 architecture (Intel ia64)


Size/MD5 checksum: 574706 d1a2522112c46ff60d1cbaefdb49e2d7

m68k architecture (Motorola Mc680x0)


Size/MD5 checksum: 300600 6688599f9af8d95b174916283b28289b

mips architecture (MIPS (Big Endian))


Size/MD5 checksum: 378150 facb8c33943fa62c88713021a351e79c

mipsel architecture (MIPS (Little Endian))


Size/MD5 checksum: 380108 867a14a01572fb747d81932b7106a429

powerpc architecture (PowerPC)


Size/MD5 checksum: 362674 5380a764a53eca533a709ad631fba0d8

s390 architecture (IBM S/390)


Size/MD5 checksum: 354562 6a21b7f3ced620789e35df583d6411fd

sparc architecture (Sun SPARC/UltraSPARC)


Size/MD5 checksum: 355768 36c642bd24104fb94f33a8680af0058b

- --
Debian Security team <team@security.debian.org>
Debian -- Security Information
Mailing-List: debian-security-announce@lists.debian.org



Severity

Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved