---

Home Security

Advisories, March 23, 2006

By

Debian GNU/Linux

Debian Security Advisory DSA 1014-1 [email protected]
http://www.debian.org/security/
Martin Schulze
March 23rd, 2006 http://www.debian.org/security/faq

Package : firebird2
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2004-2043
BugTraq ID : 10446
Debian Bug : 357580

Aviram Jenik and Damyan Ivanov discovered a buffer overflow in
firebird2, an RDBMS based on InterBase 6.0 code, that allows remote
attackers to crash.

The old stable distribution (woody) does not contain firebird2
packages.

For the stable distribution (sarge) this problem has been fixed
in version 1.5.1-4sarge1.

For the unstable distribution (sid) this problem has been fixed
in version 1.5.3.4870-3

We recommend that you upgrade your firebird2 packages.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

    http://security.debian.org/pool/updates/main/f/firebird2/firebird2_1.5.1-4sarge1.dsc

      Size/MD5 checksum: 1062
ef652b5e7bcdb96d3225a9c89dc49d04
    http://security.debian.org/pool/updates/main/f/firebird2/firebird2_1.5.1-4sarge1.diff.gz

      Size/MD5 checksum: 62850
cf98054d0eaf1645152472422d7af90f
    http://security.debian.org/pool/updates/main/f/firebird2/firebird2_1.5.1.orig.tar.gz

      Size/MD5 checksum: 7086993
6f8b02abb15c42959dd4b2246ac457f7

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/f/firebird2/firebird2-classic-server_1.5.1-4sarge1_i386.deb

      Size/MD5 checksum: 279582
0b0aeb8bdb066a5553a11bb809dad2bf
    http://security.debian.org/pool/updates/main/f/firebird2/firebird2-dev_1.5.1-4sarge1_i386.deb

      Size/MD5 checksum: 252430
eed67eb369a1138e13429d2f681a295b
    http://security.debian.org/pool/updates/main/f/firebird2/firebird2-examples_1.5.1-4sarge1_i386.deb

      Size/MD5 checksum: 306464
08e60d8f5dc90778c191a59065bc9669
    http://security.debian.org/pool/updates/main/f/firebird2/firebird2-server-common_1.5.1-4sarge1_i386.deb

      Size/MD5 checksum: 553492
d14ee56363b30bfb24bcfd96557a68cc
    http://security.debian.org/pool/updates/main/f/firebird2/firebird2-super-server_1.5.1-4sarge1_i386.deb

      Size/MD5 checksum: 1128322
69b5f3bb509d5e6106d8c4435811c35c
    http://security.debian.org/pool/updates/main/f/firebird2/firebird2-utils-classic_1.5.1-4sarge1_i386.deb

      Size/MD5 checksum: 806716
cca7a990bf6e780e75202d720f1262ed
    http://security.debian.org/pool/updates/main/f/firebird2/firebird2-utils-super_1.5.1-4sarge1_i386.deb

      Size/MD5 checksum: 833590
54476cbfee6665095cdb53d7d9f1af14
    http://security.debian.org/pool/updates/main/f/firebird2/libfirebird2-classic_1.5.1-4sarge1_i386.deb

      Size/MD5 checksum: 1206698
15789a38826defd8b7c1fd8495cbee0e
    http://security.debian.org/pool/updates/main/f/firebird2/libfirebird2-super_1.5.1-4sarge1_i386.deb

      Size/MD5 checksum: 360926
5c813ee2caf36482f66164759b8dadbb

These files will probably be moved into the stable distribution
on its next update.

Debian Security Advisory DSA 1015-1 [email protected]
http://www.debian.org/security/
Martin Schulze
March 23rd, 2006 http://www.debian.org/security/faq

Package : sendmail
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-0058
CERT advisory : VU#834865

Mark Dowd discovered a flaw in the handling of asynchronous
signals in sendmail, a powerful, efficient, and scalable mail
transport agent. This allows a remote attacker may to exploit a
race condition to execute arbitrary code as root.

For the old stable distribution (woody) this problem has been
fixed in version 8.12.3-7.2.

For the stable distribution (sarge) this problem has been fixed
in version 8.13.4-3sarge1.

For the unstable distribution (sid) this problem has been fixed
in version 8.13.6-1.

We recommend that you upgrade your sendmail package
immediately.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:

    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2.dsc

      Size/MD5 checksum: 753
e88f300c970924d33b8ba8ea2b3eae6b
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2.diff.gz

      Size/MD5 checksum: 277212
96008f9276955cd69add11424604e8e4
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3.orig.tar.gz

      Size/MD5 checksum: 1840401
b198b346b10b3b5afc8cb4e12c07ff4d

Architecture independent components:

    http://security.debian.org/pool/updates/main/s/sendmail/sendmail-doc_8.12.3-7.2_all.deb

      Size/MD5 checksum: 747982
c253bf2db4f202a880396249318df054

Alpha architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.2_alpha.deb

      Size/MD5 checksum: 267946
5cc2f292308e753286150b9f5f0dc598
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2_alpha.deb

      Size/MD5 checksum: 1107346
cee76bc87880b6d986337cb758bdd9e6

ARM architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.2_arm.deb

      Size/MD5 checksum: 247798
b47e73e4eb91410308ff3d7772986c9b
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2_arm.deb

      Size/MD5 checksum: 979674
d03f90f8d57fa4bbe2f90776a487680e

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.2_i386.deb

      Size/MD5 checksum: 237492
75116396559388f01e199773e2dda2a3
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2_i386.deb

      Size/MD5 checksum: 917446
0fd30312a872b9a3d1ba7c3e6c3d46b5

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.2_ia64.deb

      Size/MD5 checksum: 282384
4ce505c68a5434df2a6d196b87884e78
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2_ia64.deb

      Size/MD5 checksum: 1332476
863dd30db60027d3efe5028c09b12805

HP Precision architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.2_hppa.deb

      Size/MD5 checksum: 261800
b7d14fc3ef6fc0b07068970659c4916a
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2_hppa.deb

      Size/MD5 checksum: 1081594
8c154a46eb55b2c65399ced49674fcac

Motorola 680×0 architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.2_m68k.deb

      Size/MD5 checksum: 231320
e8bcfb54013b87753ddf6f146a38ed1d
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2_m68k.deb

      Size/MD5 checksum: 865750
0d10292b121fcaee2ec8e7362528ac45

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.2_mips.deb

      Size/MD5 checksum: 255544
f64577662a0d9385b2e451696f9d4d71
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2_mips.deb

      Size/MD5 checksum: 1024626
68dd1d411341a29cec916d081c78653f

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.2_mipsel.deb

      Size/MD5 checksum: 255318
44a704f72834bd7e61e40419ed892f9a
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2_mipsel.deb

      Size/MD5 checksum: 1025096
ebff9cf403b127d5c5b37678435c9a59

PowerPC architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.2_powerpc.deb

      Size/MD5 checksum: 257626
6c320d8d0eec5301975d14ec7632042e
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2_powerpc.deb

      Size/MD5 checksum: 979760
9c0fd5bd23d59ca6dc461ffa21464d18

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.2_s390.deb

      Size/MD5 checksum: 242998
ea909d1747afa18b2c11b8a73cee4d26
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2_s390.deb

      Size/MD5 checksum: 966800
958bf2ddae058848aeb49bd7df86d0f4

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.2_sparc.deb

      Size/MD5 checksum: 245638
600345d0daac2924b9e186330a5f9f71
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2_sparc.deb

      Size/MD5 checksum: 982872
b7f58435a7d8049a0678571f4e2cad16

Debian GNU/Linux 3.1 alias sarge

Source archives:

    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.4-3sarge1.dsc

      Size/MD5 checksum: 912
eced5184913171b9c96c58dc6b46279b
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.4-3sarge1.diff.gz

      Size/MD5 checksum: 383581
400a529e2e745e5d54d0eb79b47d0e13
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.4.orig.tar.gz

      Size/MD5 checksum: 1968047
d80dc659df96c63d227ed80c0c71b708

Architecture independent components:

    http://security.debian.org/pool/updates/main/s/sendmail/sendmail-base_8.13.4-3sarge1_all.deb

      Size/MD5 checksum: 342146
76bd67d4b76fd9896475719e4bb83c52
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail-cf_8.13.4-3sarge1_all.deb

      Size/MD5 checksum: 280612
ae20d882572cd061347a21f3df777411
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail-doc_8.13.4-3sarge1_all.deb

      Size/MD5 checksum: 693884
c49f59ed7ddab7d925568bf9cca0a802
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.4-3sarge1_all.deb

      Size/MD5 checksum: 193550
85d828672cb32f212d9c51ba9f4a59f4

Alpha architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge1_alpha.deb

      Size/MD5 checksum: 318962
054be9a965fe0d26a277f5a8a98e3860
    http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge1_alpha.deb

      Size/MD5 checksum: 215538
b6e82eb7fcfe8c6f6d70d086d797c41b
    http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge1_alpha.deb

      Size/MD5 checksum: 228768
0c6b3040154cc762802326d66b798e68
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge1_alpha.deb

      Size/MD5 checksum: 953656
81590285d76c7f1d1065fa256e3c0d16
    http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge1_alpha.deb

      Size/MD5 checksum: 198052
f32099dafc92f3cef8bb70aa724faa2d

AMD64 architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge1_amd64.deb

      Size/MD5 checksum: 296490
22966058918ee931eed27ffedd1845cf
    http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge1_amd64.deb

      Size/MD5 checksum: 213122
9aea29eb85643183224d32b8aaf2384d
    http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge1_amd64.deb

      Size/MD5 checksum: 225200
cefe11998072135ea099a415e79ba686
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge1_amd64.deb

      Size/MD5 checksum: 850848
d2861fe4cec727e76248860f04759194
    http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge1_amd64.deb

      Size/MD5 checksum: 197596
66cb61fbd5994a5ed8572e2161c212d0

ARM architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge1_arm.deb

      Size/MD5 checksum: 291872
35aae5c6f5979ad62f2c5fb948bad855
    http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge1_arm.deb

      Size/MD5 checksum: 211494
5d0c235fedc3fa665f492cc0eb405ca5
    http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge1_arm.deb

      Size/MD5 checksum: 223606
00e0deaa2f351d66e76aecd5b96cd7f2
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge1_arm.deb

      Size/MD5 checksum: 829146
ba91e23d646a78ab9bf81184d4105eed
    http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge1_arm.deb

      Size/MD5 checksum: 197170
09956736b466d15ed9bb7eb220547282

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge1_i386.deb

      Size/MD5 checksum: 288740
029c9c000ac133ce3c72aef194fb927e
    http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge1_i386.deb

      Size/MD5 checksum: 213300
acfda80137ef82bac707e737af27c28b
    http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge1_i386.deb

      Size/MD5 checksum: 223850
79f561f32701ffc65b3286c9d2b15c2e
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge1_i386.deb

      Size/MD5 checksum: 813824
cf8af93fb4c550a746f56312b5378196
    http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge1_i386.deb

      Size/MD5 checksum: 198798
95278a3b872edbc954eb3587faae2ff3

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge1_ia64.deb

      Size/MD5 checksum: 330628
f8accd0b6b54d974f5f6d0eb0c01d098
    http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge1_ia64.deb

      Size/MD5 checksum: 220376
08c4cc7b20eff79b9b7b42c89203f1ee
    http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge1_ia64.deb

      Size/MD5 checksum: 239602
68274560ddbb6341bee00250bb3966c2
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge1_ia64.deb

      Size/MD5 checksum: 1162354
ef069d23929b49f045ec4b87af118490
    http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge1_ia64.deb

      Size/MD5 checksum: 198910
42814633feb7d12ba9b86b0b99b5898a

HP Precision architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge1_hppa.deb

      Size/MD5 checksum: 301436
6a44da8d49780bf89e8de21c333af1d3
    http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge1_hppa.deb

      Size/MD5 checksum: 215576
965aa367c614665b310cd8a62b287e4b
    http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge1_hppa.deb

      Size/MD5 checksum: 229332
d1b796e3714f112cd6e647a9401dcbf5
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge1_hppa.deb

      Size/MD5 checksum: 919600
69abc5aa11ccf4abfef10d42e1a46310
    http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge1_hppa.deb

      Size/MD5 checksum: 198046
52fc9ce8ca0e65ef2bc3cb8f11b7a6f5

Motorola 680×0 architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge1_m68k.deb

      Size/MD5 checksum: 272712
66c27a318830a6fa64819477338cd23f
    http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge1_m68k.deb

      Size/MD5 checksum: 210798
39e8ab1bcb81a8a7284c9b418eca0e29
    http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge1_m68k.deb

      Size/MD5 checksum: 218808
bb1f4007b54c4e8a23aa279b3ab67cf2
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge1_m68k.deb

      Size/MD5 checksum: 728192
9a5ab3d6aecdd1148519b0686ba71aff
    http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge1_m68k.deb

      Size/MD5 checksum: 197104
cbe649dd8c0748821c9ab214b00bf2f0

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge1_mips.deb

      Size/MD5 checksum: 293096
696541d7935855697b3ca74f34bce650
    http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge1_mips.deb

      Size/MD5 checksum: 211980
aa0bf589a3b15a6b5cb5d0c2a2c51f2a
    http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge1_mips.deb

      Size/MD5 checksum: 227312
2db4f638a58d94799e14deb882386e87
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge1_mips.deb

      Size/MD5 checksum: 883120
55ff1991c6ce32475afdd292a8ba895f
    http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge1_mips.deb

      Size/MD5 checksum: 198070
f689f690fbe8dd7726f2bb2c419caff8

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge1_mipsel.deb

      Size/MD5 checksum: 293902
bd277684c70732ab5edbf8c339ff1f1f
    http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge1_mipsel.deb

      Size/MD5 checksum: 212276
4f1ea8a69fbde664a60dec325ab4294d
    http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge1_mipsel.deb

      Size/MD5 checksum: 227598
52a98a34b8d7d82d34f500c047f1876c
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge1_mipsel.deb

      Size/MD5 checksum: 886812
ad4d962d2eaceb9123143d66d984fda3
    http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge1_mipsel.deb

      Size/MD5 checksum: 198250
eb756c3f90723f4feb9b1b4475531064

PowerPC architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge1_powerpc.deb

      Size/MD5 checksum: 294318
3416024842aa172fea686e2ed7e93f95
    http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge1_powerpc.deb

      Size/MD5 checksum: 214374
a532541dcb05fe73f650e65e5ec391d8
    http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge1_powerpc.deb

      Size/MD5 checksum: 226788
90c4e2b480235434bd8a101ec88a1b66
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge1_powerpc.deb

      Size/MD5 checksum: 864680
19b18eef4e5267eb5a79aa5d272a89c1
    http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge1_powerpc.deb

      Size/MD5 checksum: 197658
9c53a99a1cdfcd5eb88e3bb60ffac707

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge1_s390.deb

      Size/MD5 checksum: 295110
6d5a6645a56f5f1e5b96ee1edf74d014
    http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge1_s390.deb

      Size/MD5 checksum: 213228
4939dd0e6135eaef97186dc78ea0f6a0
    http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge1_s390.deb

      Size/MD5 checksum: 228616
3c0e7578d0307e8a766d93ab3e8398bd
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge1_s390.deb

      Size/MD5 checksum: 875030
e6630e78597b3fa8beea3fe0ed6c0570
    http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge1_s390.deb

      Size/MD5 checksum: 197610
a9b8ff1c29eb5d832f46f37360be0da7

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge1_sparc.deb

      Size/MD5 checksum: 285328
af47ebab7c6f2c40947d3db63d096b2b
    http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge1_sparc.deb

      Size/MD5 checksum: 211552
1ff3266e7fd86a23f75bb893e5e3b293
    http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge1_sparc.deb

      Size/MD5 checksum: 222818
f4003549477da95806b491419fffd743
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge1_sparc.deb

      Size/MD5 checksum: 819308
a4ed26ef9608278f2ddbb4342af8df35
    http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge1_sparc.deb

      Size/MD5 checksum: 197330
7a51e38cfbb62b22752935f4a91af2d8

These files will probably be moved into the stable distribution
on its next update.

Debian Security Advisory DSA 1016-1 [email protected]
http://www.debian.org/security/
Martin Schulze
March 23rd, 2006 http://www.debian.org/security/faq

Package : evolution
Vulnerability : format string vulnerabilities
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2005-2549 CVE-2005-2550
BugTraq ID : 14532
Debian Bug : 322535

Ulf Härnhammar discovered several format string
vulnerabilities in Evolution, a free groupware suite, that could
lead to crashes of the application or the execution of arbitrary
code.

For the old stable distribution (woody) these problems have been
fixed in version 1.0.5-1woody3.

For the stable distribution (sarge) these problems have been
fixed in version 2.0.4-2sarge1.

For the unstable distribution (sid) these problems have been
fixed in version 2.2.3-3.

We recommend that you upgrade your evolution package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody3.dsc

      Size/MD5 checksum: 992
4bafc18ff115d57baa3ecd24feaea244
    http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody3.diff.gz

      Size/MD5 checksum: 16997
91088d27d6ae64632db5d8fd8eb38f68
    http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5.orig.tar.gz

      Size/MD5 checksum: 15010672
d2ffe374b453d28f5456db5af0a7983c

Alpha architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody3_alpha.deb

      Size/MD5 checksum: 10271404
abcc13e804daccea7e21031124bc60ce
    http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody3_alpha.deb

      Size/MD5 checksum: 947970
1112c848840fe6148d8694510674c764
    http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody3_alpha.deb

      Size/MD5 checksum: 623132
42a240c46a0c166eb57040e01b403650

ARM architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody3_arm.deb

      Size/MD5 checksum: 9282474
3d0f1299d60f5b54e278049870611a46
    http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody3_arm.deb

      Size/MD5 checksum: 663998
22ebfac4576408d91642d119b4220a4d
    http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody3_arm.deb

      Size/MD5 checksum: 492764
2d41ff6e38e21dad80e5bc51b7e2fc86

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody3_i386.deb

      Size/MD5 checksum: 8905760
cbb89adf1743d7b74c25b90a872e5181
    http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody3_i386.deb

      Size/MD5 checksum: 586138
7311e70c22a6649808bea31000f1d7ff
    http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody3_i386.deb

      Size/MD5 checksum: 470798
6b32f968b3d825d71b236801a16b0567

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody3_ia64.deb

      Size/MD5 checksum: 11454846
2cb22139d0cac3722c34c48df0bf9af8
    http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody3_ia64.deb

      Size/MD5 checksum: 948336
7552edb843b53caf53d3224508a0189f
    http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody3_ia64.deb

      Size/MD5 checksum: 771248
98ee08a95db9f16bef5eb7a8751859d1

Motorola 680×0 architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody3_m68k.deb

      Size/MD5 checksum: 8876524
30ac372fbf54049e1228ae4ca608c8b0
    http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody3_m68k.deb

      Size/MD5 checksum: 578502
bc44d6ff350f6af098c60ad997ad67f8
    http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody3_m68k.deb

      Size/MD5 checksum: 484064
34381b70ae3c9279c406b6f79030e79f

PowerPC architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody3_powerpc.deb

      Size/MD5 checksum: 9339960
1c1fa119eadff662c3073a6e1ee48913
    http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody3_powerpc.deb

      Size/MD5 checksum: 680714
aadb7bf1bb320edd25f1021bfdae34a1
    http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody3_powerpc.deb

      Size/MD5 checksum: 511438
2be1eca435f231a4b11eb0e1c9d7074c

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody3_s390.deb

      Size/MD5 checksum: 9219598
aaf3e80bf330bbecac8f1b87ee576fba
    http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody3_s390.deb

      Size/MD5 checksum: 640984
ee45e556fb092664f46d635385e8cab9
    http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody3_s390.deb

      Size/MD5 checksum: 522988
d8863a51afa2c766ad7d78cee549a23f

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody3_sparc.deb

      Size/MD5 checksum: 9393448
990f7a21e2c5b4e3e6ba1d8a50043c76
    http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody3_sparc.deb

      Size/MD5 checksum: 670460
2671f6c973f50c8568b77b85b755586d
    http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody3_sparc.deb

      Size/MD5 checksum: 510158
4c072ea24dc6118d6d61b1a3db749ecb

Debian GNU/Linux 3.1 alias sarge

Source archives:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1.dsc

      Size/MD5 checksum: 1168
a2292a9ca384524fc9d8a25ed55d2643
    http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1.diff.gz

      Size/MD5 checksum: 292544
0b209003ea32f6d7e3700104635e1c66
    http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4.orig.tar.gz

      Size/MD5 checksum: 20968383
d555a0b1d56f0f0b9c33c35b057f73e6

Alpha architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1_alpha.deb

      Size/MD5 checksum: 10648352
a57e9c49b24cfd63372c3d40e6340cf1
    http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge1_alpha.deb

      Size/MD5 checksum: 160156
4c8f0ea25015505749159294fa22906a

AMD64 architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1_amd64.deb

      Size/MD5 checksum: 10447740
8d7960769fa930794c3df1741cc898d0
    http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge1_amd64.deb

      Size/MD5 checksum: 160142
b914752e7ede45830f563cfde1724223

ARM architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1_arm.deb

      Size/MD5 checksum: 10251522
f9b05a70ca7de94376f9f743afafd253
    http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge1_arm.deb

      Size/MD5 checksum: 160330
ad5edfcb8bd6e02da9a64ac5002f1a5d

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1_i386.deb

      Size/MD5 checksum: 10229060
370666f99b412a2e22e27574daa63bbf
    http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge1_i386.deb

      Size/MD5 checksum: 160292
fd313d654f3fb2ee1d071a2da735a545

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1_ia64.deb

      Size/MD5 checksum: 11419362
6320a2e9102d546f9b2f1ca3ca890e93
    http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge1_ia64.deb

      Size/MD5 checksum: 160126
f987c7bd28f51bdb7cb62455f4610e40

HP Precision architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1_hppa.deb

      Size/MD5 checksum: 10595896
c8ab1a2efdeeed404fb73bfc7b7e4118
    http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge1_hppa.deb

      Size/MD5 checksum: 160234
038a336b6be6e9210741d67985714ac6

Motorola 680×0 architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1_m68k.deb

      Size/MD5 checksum: 10387694
ccf6b43070a7945aaef6bf809f0e443c
    http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge1_m68k.deb

      Size/MD5 checksum: 160526
c4da9290cfaa62a89a99619ff1e1bfa8

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1_mips.deb

      Size/MD5 checksum: 10221372
3cb0854e03997e57ad54f9317e304ee2
    http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge1_mips.deb

      Size/MD5 checksum: 160194
f652e1196bc80e8730a07c87c9b86818

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1_mipsel.deb

      Size/MD5 checksum: 10195392
41333d480ec1c0c630b77029600bcd43
    http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge1_mipsel.deb

      Size/MD5 checksum: 160240
50622de422b80440f48e99418c71851d

PowerPC architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1_powerpc.deb

      Size/MD5 checksum: 10286478
9205d9bee4652c88ed8d1f3e81f30c86
    http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge1_powerpc.deb

      Size/MD5 checksum: 160192
1b6390ecb75f2786337b6389ec0ba143

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1_s390.deb

      Size/MD5 checksum: 10639180
d57b51ed97164a0e5a751ecd494081aa
    http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge1_s390.deb

      Size/MD5 checksum: 160176
c180a583c2c7f60e6d764b7cd7810caf

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1_sparc.deb

      Size/MD5 checksum: 10349436
f9bff087eb94d745ef0a69bd9bbe43b0
    http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge1_sparc.deb

      Size/MD5 checksum: 160218
38ca6ef8c9916964aff746597cc06c75

These files will probably be moved into the stable distribution
on its next update.

For apt-get: deb http://security.debian.org/
stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: [email protected]

Package info: `apt-cache show <pkg>’ and http://packages.debian.org/<pkg>

Gentoo Linux

Gentoo Linux Security Advisory GLSA 200603-21

http://security.gentoo.org/

Severity: High
Title: Sendmail: Race condition in the handling of asynchronous
signals
Date: March 22, 2006
Bugs: #125623
ID: 200603-21

Synopsis

Sendmail is vulnerable to a race condition which could lead to
the execution of arbitrary code with sendmail privileges.

Background

Sendmail is a popular mail transfer agent (MTA).

Affected packages

     Package            /  Vulnerable  /                    Unaffected

  1  mail-mta/sendmail      < 8.13.6                         >= 8.13.6

Description

ISS discovered that Sendmail is vulnerable to a race condition
in the handling of asynchronous signals.

Impact

An attacker could exploit this via certain crafted timing
conditions.

Workaround

There is no known workaround at this time.

Resolution

All Sendmail users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-mta/sendmail-8.13.6"

References

[ 1 ] CVE-2006-0058

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058

[ 2 ] Sendmail Inc. advisory

http://www.sendmail.com/company/advisory/index.shtml

Availability

This GLSA

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.