Debian Security Advisory: New version of mailx released | Linux Today

Debian Security Advisory: New version of mailx released

Written By
Web Webster
Web Webster
Aug 9, 2000

Date: Tue, 8 Aug 2000 23:10:51 -0700
From: Wichert Akkerman wichert@cistron.nl
To: debian-security-announce@lists.debian.org
Subject: [SECURITY] New version of mailx released

-----BEGIN PGP SIGNED MESSAGE-----

Debian Security Advisory                                security@debian.org
http://www.debian.org/security/                   Wichert Akkerman 
August  8, 2000

Package        : mailx
Problem type   : local exploit
Debian-specific: no

mailx is a often used by other programs to send email.
Unfortunately mailx as distributed in Debian GNU/Linux 2.1 has some
features that made it possible to execute system commands if a user
can trick a privileged program to send email using /usr/bin/mail.

This has been fixed in version 8.1.1-10.1.1slink.2 by no longer
allowing all configuration options to be set using the
environment.

We recommend you upgrade your mailx package immediately.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.1 alias slink


This version of Debian was released only for Intel, the Motorola
680×0, the alpha and the Sun sparc architecture.

Source archives:

http://security.debian.org/dists/stable/updates/source/mailx_8.1.1-10.1.1slink.2.diff.gz

MD5 checksum: edcd9210ef001cfde91252abd3547ab1

http://security.debian.org/dists/stable/updates/source/mailx_8.1.1-10.1.1slink.2.dsc

MD5 checksum: 508850b252b8f4797cfc38ce3e63ac57

http://security.debian.org/dists/stable/updates/source/mailx_8.1.1.orig.tar.gz

MD5 checksum: c779002cb043b57fd5198ec2032cacb0

Alpha architecture:

http://security.debian.org/dists/stable/updates/binary-alpha/mailx_8.1.1-10.1.1slink.2_alpha.deb

MD5 checksum: 8a218e08fd337c260504ffce82954426

Intel ia32 architecture:

http://security.debian.org/dists/stable/updates/binary-i386/mailx_8.1.1-10.1.1slink.2_i386.deb

MD5 checksum: 1eb602833806b8a7a3d30a2515eadf72

Motorola 680×0 architecture:

http://security.debian.org/dists/stable/updates/binary-m68k/mailx_8.1.1-10.1.1slink.2_m68k.deb

MD5 checksum: b31f0ec28bd6a42108f1bb51e6795fed

Sun Sparc architecture:

http://security.debian.org/dists/stable/updates/binary-sparc/mailx_8.1.1-10.1.1slink.2_sparc.deb

MD5 checksum: e6f6f193c85b45f9220fa9819326d6ac

These files will be moved into
ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/
soon.

Debian GNU/Linux 2.2 alias potato


Please note that woody has not been released yet. However since
potato is very close to being release security updates are already
being made available on security.debian.org.

Potato will be release for alpha, arm, i386, m68k, powerpc and
sparc. However at this moment fixes are not available for all
architectures. Packages for architectures not mentioned here will
be available shortly on security.debian.org .

Source archives:

http://security.debian.org/dists/potato/updates/main/source/mailx_8.1.1-10.1.3.diff.gz

MD5 checksum: 95f3a7a1305c6c276471d02f33d0c837

http://security.debian.org/dists/potato/updates/main/source/mailx_8.1.1-10.1.3.dsc

MD5 checksum: fea46d4eb874052ff4b440fac3c0c976

http://security.debian.org/dists/potato/updates/main/source/mailx_8.1.1.orig.tar.gz

MD5 checksum: c779002cb043b57fd5198ec2032cacb0

Alpha architecture:

http://security.debian.org/dists/potato/updates/main/binary-alpha/mailx_8.1.1-10.1.3_alpha.deb

MD5 checksum: d85e6f8ca7822c36d2947cc5f07c9d59

ARM architecture:

http://security.debian.org/dists/potato/updates/main/binary-arm/mailx_8.1.1-10.1.3_arm.deb

MD5 checksum: 37bd5565a76a96391ca6cf3c2116d74b

Intel ia32 architecture:

http://security.debian.org/dists/potato/updates/main/binary-i386/mailx_8.1.1-10.1.3_i386.deb

MD5 checksum: fefd4a769160b8a1ed25df4d62dc4a2b

PowerPC architecture:

http://security.debian.org/dists/potato/updates/main/binary-powerpc/mailx_8.1.1-10.1.3_powerpc.deb

MD5 checksum: 990e9168c99dc1661011577c203a8d53

Sun Sparc architecture:

http://security.debian.org/dists/potato/updates/main/binary-sparc/mailx_8.1.1-10.1.3_sparc.deb

MD5 checksum: 9ccb4cc89c5d9ec6e912034ff1584b90

For not yet released architectures please refer to the
appropriate directory
ftp://ftp.debian.org/debian/dists/sid/binary-$arch/
.


For apt-get: deb http://security.debian.org/
stable updates
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates Mailing list:
debian-security-announce@lists.debian.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBOZD16ajZR/ntlUftAQEZawL/et1fP+gJeK00Thjk+j8EfjwMD0nHXlEY
dEJKvFPhLSFXjzNR6ikhTi4vp81mhzJ9r14lzlRtaFS5O3t7R/BDN7QHqoIec+hh
gMeAuuPd1HJ+7diSZmyOeahbkG9oiRXJ
=/5IH
-----END PGP SIGNATURE-----
Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.