Date: Mon, 5 Jun 2000 20:22:06 +0200
From: Wichert Akkerman wichert@soil.nl
To: debian-security-announce@lists.debian.org
Subject: [SECURITY] New version of mailx released
Debian Security Advisory security@debian.org http://www.debian.org/security/ Daniel Jacobowitz June 5, 2000
Package: mailx
Vulnerability: local exploit
Debian-specific: no
The version of mailx distributed in Debian GNU/Linux 2.1 (a.k.a.
slink), as well as in the frozen (potato) and unstable (woody)
distributions is vulnerable to a local buffer overflow while
sending messages. This could be exploited to give a shell running
with group “mail”.
This has been fixed in version 8.1.1-10.1, and we recommend that
you update your mailx package immediately.
Debian GNU/Linux 2.1 alias slink
This version of Debian was released only for Intel ia32, the
Motorola 680×0, the Alpha, and the Sun Sparc architecture.
Source archives:
http://security.debian.org/dists/stable/updates/source/mailx_8.1.1-10.1.diff.gz
MD5 checksum: 13866649fb581d9ca53e2e8c6bb70733
http://security.debian.org/dists/stable/updates/source/mailx_8.1.1-10.1.dsc
MD5 checksum: 87d8fd019a35aba4041ba12cbde64ee6
http://security.debian.org/dists/stable/updates/source/mailx_8.1.1.orig.tar.gz
MD5 checksum: c779002cb043b57fd5198ec2032cacb0
Alpha architecture:
http://security.debian.org/dists/stable/updates/binary-alpha/mailx_8.1.1-10.1_alpha.deb
MD5 checksum: 6da920f8c1d5a4924e88982923cfe5bb
Intel ia32 architecture:
http://security.debian.org/dists/stable/updates/binary-i386/mailx_8.1.1-10.1_i386.deb
MD5 checksum: f2b17ff796cc5209700f5d58803d9c77
Motorola 680×0 architecture:
http://security.debian.org/dists/stable/updates/binary-m68k/mailx_8.1.1-10.1_m68k.deb
MD5 checksum: 908eece4836b1f021d6f29abdd8360a5
Sun Sparc architecture:
http://security.debian.org/dists/stable/updates/binary-sparc/mailx_8.1.1-10.1_sparc.deb
MD5 checksum: e38842ada3f9eac9dd5b1ec836f0ea63
Debian 2.2 alias potato
This version of Debian is not yet released. Fixes are currently
available for Intel ia32, the Motorola 680×0, the Alpha, and the
Sun Sparc architecture. Fixes for other architectures will be
available soon.
Source archives:
http://security.debian.org/dists/potato/main/updates/source/mailx_8.1.1-10.1.diff.gz
MD5 checksum: 13866649fb581d9ca53e2e8c6bb70733
http://security.debian.org/dists/potato/main/updates/source/mailx_8.1.1-10.1.dsc
MD5 checksum: 87d8fd019a35aba4041ba12cbde64ee6
http://security.debian.org/dists/potato/main/updates/source/mailx_8.1.1.orig.tar.gz
MD5 checksum: c779002cb043b57fd5198ec2032cacb0
Alpha architecture:
http://security.debian.org/dists/potato/main/updates/binary-alpha/mailx_8.1.1-10.1_alpha.deb
MD5 checksum: 6da920f8c1d5a4924e88982923cfe5bb
Intel ia32 architecture:
http://security.debian.org/dists/potato/main/updates/binary-i386/mailx_8.1.1-10.1_i386.deb
MD5 checksum: f2b17ff796cc5209700f5d58803d9c77
Motorola 680×0 architecture:
http://security.debian.org/dists/potato/main/updates/binary-m68k/mailx_8.1.1-10.1_m68k.deb
MD5 checksum: 908eece4836b1f021d6f29abdd8360a5
Sun Sparc architecture:
http://security.debian.org/dists/potato/main/updates/binary-sparc/mailx_8.1.1-10.1_sparc.deb
MD5 checksum: e38842ada3f9eac9dd5b1ec836f0ea63
Debian Unstable alias woody
A fix will be available in the unstable archive soon.
For apt-get: deb http://security.debian.org/
stable updates
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates
Mailing list: debian-security-announce@lists.debian.org