Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Advisory Watch: March 27th, 2015
Linux Security Week: March 23rd, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Debian: New uw-imap packages fix arbitrary code execution Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian Updated package.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 861-1                                        Martin Schulze
October 11th, 2005            
- --------------------------------------------------------------------------

Package        : uw-imap
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2933

"infamous41md" discovered a buffer overflow in uw-imap, the University
of Washington's IMAP Server that allows attackers to execute arbitrary

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in
version 2002edebian1-11sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 2002edebian1-11sarge1.

We recommend that you upgrade your uw-imap packages.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:
      Size/MD5 checksum:      785 bf3e532a78669fd66c329a46ea11809d
      Size/MD5 checksum:    85400 b295b9c10972cb78f3b4d25394b4b31d
      Size/MD5 checksum:  1517069 8ff277e7831326988d0ee0bfeca7c8ff

  Architecture independent components:
      Size/MD5 checksum:    19982 ee7e9d78916253bef43c0513b1fa2df3
      Size/MD5 checksum:    19968 01cd3a699013ba2679af4cd4c4c97ee7

  Alpha architecture:
      Size/MD5 checksum:    45316 8eff87a5d99f8514a97ba925f64cc29c
      Size/MD5 checksum:  1400536 508b3322c04aba6a16ccd8360bcb2c8f
      Size/MD5 checksum:   623866 007e483d0f71e26d88135ebd621cf913
      Size/MD5 checksum:    26112 1512b9c49a9e67222c42e1e1a3161f62
      Size/MD5 checksum:    76068 d3f6e63d18eee660aec45970c75a1e9f
      Size/MD5 checksum:    50388 7915af40dc8454ed9c28b8210785b4b2

  AMD64 architecture:
      Size/MD5 checksum:    43842 9ee07ca885ad0a760624ee9ac3359573
      Size/MD5 checksum:  1241462 a04eea3b29ce844bd36e882c358ec589
      Size/MD5 checksum:   585262 43379b991740461a5247103be7bb481c
      Size/MD5 checksum:    25256 b46f5e4f874df2b1c64e46d4d179753f
      Size/MD5 checksum:    71862 9ea5e627919c4dc40db2ed70047da69c
      Size/MD5 checksum:    47526 607377887f83ed71a87264bc85317bf3

  ARM architecture:
      Size/MD5 checksum:    43908 cbb7163d6976c804f7f7dde0eba82e8f
      Size/MD5 checksum:  1218296 e942c426a47bfa5fe43b269040dc259d
      Size/MD5 checksum:   572074 325eab596c707493b112c4157192fd7d
      Size/MD5 checksum:    25284 aeedc4004a68ceb78d705c44cce7bd2b
      Size/MD5 checksum:    71378 611cd65efdeebdc3aba327482a966109
      Size/MD5 checksum:    46240 48f471e616eb16cb6682ef206eff68b5

  Intel IA-32 architecture:
      Size/MD5 checksum:    42640 222b9d6cfae656aeb0995b6b742a8018
      Size/MD5 checksum:  1192272 a641726681b49cbf4a59d15a992c3307
      Size/MD5 checksum:   580390 70951fce39878d16e551d0a3d20b1396
      Size/MD5 checksum:    25354 f72ec8b8f6c62b1c0185582387624fd3
      Size/MD5 checksum:    69812 9f7ef54531d8a7f98302526ba0395b93
      Size/MD5 checksum:    46514 07f09150e567ab8628e66b81ac4eef45

  Intel IA-64 architecture:
      Size/MD5 checksum:    49584 cf5a3f4db538e69659eba3464ded819b
      Size/MD5 checksum:  1392282 8ad6f8db3031f8f312cdac57b423d9a6
      Size/MD5 checksum:   692648 0b9c67065ef7dc2bd19781778df56411
      Size/MD5 checksum:    26856 253449914d0ebea21699f939ea21823b
      Size/MD5 checksum:    82692 4803d5030e4521f010e28ba0129528e0
      Size/MD5 checksum:    57218 5015cfcc9c0a4ec7100e31c86874feb4

  HP Precision architecture:
      Size/MD5 checksum:    45482 e9ae3633401d343357ef2ede9b5dcfde
      Size/MD5 checksum:  1290012 79d3092981ccf2fa5f6770e68ec494a9
      Size/MD5 checksum:   621964 9090bf13ad38d5d2584d1a2497aa59b0
      Size/MD5 checksum:    26102 6df6311df18609d071cc918568b481ec
      Size/MD5 checksum:    74376 e6ddda3b2f8765ef20d307888da4bb79
      Size/MD5 checksum:    48796 a16164bb8d33476cb5ab8e9bc8bd851f

  Motorola 680x0 architecture:
      Size/MD5 checksum:    42198 0c460fb08a6baf8597d588b06c0eb866
      Size/MD5 checksum:  1202760 bcfd325de3b1ae80142fd40863c98480
      Size/MD5 checksum:   557322 355de85312016eee76b442f617a1fa7b
      Size/MD5 checksum:    25282 7a22722226b591ddd992b340eed62a79
      Size/MD5 checksum:    67800 b78499f7aedee1af72a0abdce500bf1b
      Size/MD5 checksum:    45972 6d387a13b396d2af4fb9c3a0a739e703

  Big endian MIPS architecture:
      Size/MD5 checksum:    45198 64a47c0e7299d4b9c2fabf9f5dbcd270
      Size/MD5 checksum:  1293040 0de4a01dd9aa001d0c9e3970add39139
      Size/MD5 checksum:   584784 b9981e6e319358c956ee8038e7ea70b5
      Size/MD5 checksum:    26032 91f708c3c2aaac1ff684a0067761479f
      Size/MD5 checksum:    70504 a77dc274b6df53c30e13aa54f933fda1
      Size/MD5 checksum:    51994 b03effecefe81dab0d9523bcd4d31287

  Little endian MIPS architecture:
      Size/MD5 checksum:    45138 d8319d4a2e984218582a2afcd3cd1f61
      Size/MD5 checksum:  1266374 12718fcede276595c4f6060adc06e50c
      Size/MD5 checksum:   584592 574d31724a1022e62a4c4954c4744b4b
      Size/MD5 checksum:    26024 60437f28a8d255810fc33b215fe124ca
      Size/MD5 checksum:    70396 8b11bea999587f10987960d36d122739
      Size/MD5 checksum:    52042 7f1f9bd83e7e82f3e3df8ae0a505f222

  PowerPC architecture:
      Size/MD5 checksum:    44714 3be1ef718719a94a9755ac2492bf4736
      Size/MD5 checksum:  1367392 5140873290e9c5eceeb81adb45b4cfbe
      Size/MD5 checksum:   584320 b249e6621e1b6835eb2d19c5307706ed
      Size/MD5 checksum:    25724 ad84786248356abddf83822e32fad4e1
      Size/MD5 checksum:    70054 3b49efb35b29fe1383d77acc99e77220
      Size/MD5 checksum:    49518 16be979ed27da72276922377cfe4e63f

  IBM S/390 architecture:
      Size/MD5 checksum:    45220 f0f89e4980b1ae8d016a18a4465d5daa
      Size/MD5 checksum:  1605558 ab2145e4e5ed815eac6b535ed852a075
      Size/MD5 checksum:   598718 d65ae25a64e58b9657e4d289c426aa8d
      Size/MD5 checksum:    25794 5958825b0b8f38b1768c0172d70f7a92
      Size/MD5 checksum:    73032 7c90176a07024e8d4103b3c53da66d7c
      Size/MD5 checksum:    48286 d0b533d1d55562880e2830e6d9840b97

  Sun Sparc architecture:
      Size/MD5 checksum:    43512 2769984cb6ade49615903339399f76fc
      Size/MD5 checksum:  1230520 b2fb2513b5a3e244c8dcddfc0e944c59
      Size/MD5 checksum:   578812 1e99dac1bb48e24cc2dfc68e32be3a0b
      Size/MD5 checksum:    25348 b763253c4b4767fcfffcefea7f708245
      Size/MD5 checksum:    71438 a9f91e6c21f28a5a2ff630913d85a2aa
      Size/MD5 checksum:    46204 bc1f2368bfddcde27cc20ee264234122

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
FBI Quietly Removes Recommendation To Encrypt Your Phone
And the prize for LEAST SECURE BROWSER goes to ... Chrome!
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.