[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

[SECURITY] New version of mailx released

To: ilugc@xxxxxxxxxxxxxxxxxx, linux-india-help@xxxxxxxxxxxxxxxxxxxxx
Subject: [SECURITY] New version of mailx released
From: "Ravikant K.Rao" <ravikant@xxxxxxxxxxxxxxx>
Date: Mon, 5 Jun 2000 23:54:47 +0530 (IST)
In-reply-to: <200006051822.UAA13579@soil08.soil.nl>
References: <200006051822.UAA13579@soil08.soil.nl>
Reply-to: ilugc@xxxxxxxxxxxxxxxxxx
Sender: "Ravikant K.Rao" <ravi@xxxxxxxxxxxxxxxxx>
Sender: ilugc-bounce@xxxxxxxxxxxxxxxxxx

Hi,

	Further to the mailx vulnerability, mailx has been fixed to
workaround that bug.

-- ravi

[...]

>>>>> "Wichert" == Wichert Akkerman <wichert@xxxxxxx> writes:

    Wichert> Package: mailx Vulnerability: local exploit
    Wichert> Debian-specific: no

    Wichert> The version of mailx distributed in Debian GNU/Linux 2.1
    Wichert> (a.k.a. slink), as well as in the frozen (potato) and
    Wichert> unstable (woody) distributions is vulnerable to a local
    Wichert> buffer overflow while sending messages.  This could be
    Wichert> exploited to give a shell running with group "mail".

    Wichert> This has been fixed in version 8.1.1-10.1, and we
    Wichert> recommend that you update your mailx package immediately.


    Wichert> Debian GNU/Linux 2.1 alias slink -
    Wichert> --------------------------------

    Wichert>   Source archives:
    Wichert> http://security.debian.org/dists/stable/updates/source/mailx_8.1.1-10.1.diff.gz
    Wichert> MD5 checksum: 13866649fb581d9ca53e2e8c6bb70733
    Wichert> http://security.debian.org/dists/stable/updates/source/mailx_8.1.1-10.1.dsc
    Wichert> MD5 checksum: 87d8fd019a35aba4041ba12cbde64ee6
    Wichert> http://security.debian.org/dists/stable/updates/source/mailx_8.1.1.orig.tar.gz
    Wichert> MD5 checksum: c779002cb043b57fd5198ec2032cacb0

    Wichert>   This version of Debian is not yet released.  Fixes are
    Wichert> currently available for Intel ia32, the Motorola 680x0,
    Wichert> the Alpha, and the Sun Sparc architecture.  Fixes for
    Wichert> other architectures will be available soon.

    Wichert> Debian Unstable alias woody - ---------------------------

    Wichert>   A fix will be available in the unstable archive soon.

    Wichert> For apt-get: deb http://security.debian.org/ stable
    Wichert> updates For dpkg-ftp:
    Wichert> ftp://security.debian.org/debian-security
    Wichert> dists/stable/updates Mailing list:
    Wichert> debian-security-announce@xxxxxxxxxxxxxxxx



-- 
Ravikant K.Rao : http://www.symonds.net/~ravi/
Primary Email  : <ravi@xxxxxxxxxxx> | PGP: 9544A4A1   GPG: 1024D/C2FC752D
---
Send e-mail to 'ilugc-request@xxxxxxxxxxxxxxxxxx' with 'unsubscribe' 
in either the subject or the body to unsubscribe from this list.

Prev by Subject: [SECURITY-Debian] New verion of dhcp released
Next by Subject: [update] MySQL is now GPL'ed...
Previous by thread: Re: mess. to arun - need seminar on PGP/GPG
Next by thread: Trouble with XF 3.3.6
Index(es):
- Subject
- Thread