---

Debian Security Advisory: Package: mailx

Date: Mon, 5 Jun 2000 20:22:06 +0200
From: Wichert Akkerman wichert@soil.nl
To: debian-security-announce@lists.debian.org
Subject: [SECURITY] New version of mailx released


Debian Security Advisory                                 security@debian.org
http://www.debian.org/security/ Daniel Jacobowitz 
June  5, 2000

Package: mailx
Vulnerability: local exploit
Debian-specific: no

The version of mailx distributed in Debian GNU/Linux 2.1 (a.k.a.
slink), as well as in the frozen (potato) and unstable (woody)
distributions is vulnerable to a local buffer overflow while
sending messages. This could be exploited to give a shell running
with group “mail”.

This has been fixed in version 8.1.1-10.1, and we recommend that
you update your mailx package immediately.

Debian GNU/Linux 2.1 alias slink


This version of Debian was released only for Intel ia32, the
Motorola 680×0, the Alpha, and the Sun Sparc architecture.

Source archives:

http://security.debian.org/dists/stable/updates/source/mailx_8.1.1-10.1.diff.gz

MD5 checksum: 13866649fb581d9ca53e2e8c6bb70733

http://security.debian.org/dists/stable/updates/source/mailx_8.1.1-10.1.dsc

MD5 checksum: 87d8fd019a35aba4041ba12cbde64ee6

http://security.debian.org/dists/stable/updates/source/mailx_8.1.1.orig.tar.gz

MD5 checksum: c779002cb043b57fd5198ec2032cacb0

Alpha architecture:

http://security.debian.org/dists/stable/updates/binary-alpha/mailx_8.1.1-10.1_alpha.deb

MD5 checksum: 6da920f8c1d5a4924e88982923cfe5bb

Intel ia32 architecture:

http://security.debian.org/dists/stable/updates/binary-i386/mailx_8.1.1-10.1_i386.deb

MD5 checksum: f2b17ff796cc5209700f5d58803d9c77

Motorola 680×0 architecture:

http://security.debian.org/dists/stable/updates/binary-m68k/mailx_8.1.1-10.1_m68k.deb

MD5 checksum: 908eece4836b1f021d6f29abdd8360a5

Sun Sparc architecture:

http://security.debian.org/dists/stable/updates/binary-sparc/mailx_8.1.1-10.1_sparc.deb

MD5 checksum: e38842ada3f9eac9dd5b1ec836f0ea63

Debian 2.2 alias potato


This version of Debian is not yet released. Fixes are currently
available for Intel ia32, the Motorola 680×0, the Alpha, and the
Sun Sparc architecture. Fixes for other architectures will be
available soon.

Source archives:

http://security.debian.org/dists/potato/main/updates/source/mailx_8.1.1-10.1.diff.gz

MD5 checksum: 13866649fb581d9ca53e2e8c6bb70733

http://security.debian.org/dists/potato/main/updates/source/mailx_8.1.1-10.1.dsc

MD5 checksum: 87d8fd019a35aba4041ba12cbde64ee6

http://security.debian.org/dists/potato/main/updates/source/mailx_8.1.1.orig.tar.gz

MD5 checksum: c779002cb043b57fd5198ec2032cacb0

Alpha architecture:

http://security.debian.org/dists/potato/main/updates/binary-alpha/mailx_8.1.1-10.1_alpha.deb

MD5 checksum: 6da920f8c1d5a4924e88982923cfe5bb

Intel ia32 architecture:

http://security.debian.org/dists/potato/main/updates/binary-i386/mailx_8.1.1-10.1_i386.deb

MD5 checksum: f2b17ff796cc5209700f5d58803d9c77

Motorola 680×0 architecture:

http://security.debian.org/dists/potato/main/updates/binary-m68k/mailx_8.1.1-10.1_m68k.deb

MD5 checksum: 908eece4836b1f021d6f29abdd8360a5

Sun Sparc architecture:

http://security.debian.org/dists/potato/main/updates/binary-sparc/mailx_8.1.1-10.1_sparc.deb

MD5 checksum: e38842ada3f9eac9dd5b1ec836f0ea63

Debian Unstable alias woody


A fix will be available in the unstable archive soon.


For apt-get: deb http://security.debian.org/
stable updates
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates
Mailing list: debian-security-announce@lists.debian.org

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis