OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Wichert Akkerman (wichertwiggy.net)
Date: Wed Jan 02 2002 - 11:38:43 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    -----BEGIN PGP SIGNED MESSAGE-----

    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-096-1 securitydebian.org
    http://www.debian.org/security/ Wichert Akkerman
    January 2, 2002
    - ------------------------------------------------------------------------

    Package : mutt
    Problem type : buffer overflow
    Debian-specific: no

    Joost Pol found a buffer overflow in the address handling code of
    mutt (a popular mail user agent). Even though this is a one byte
    overflow this is exploitable.

    This has been fixed upstream in version 1.2.5.1 and 1.3.25. The
    relevant patch has been added to version 1.2.5-5 of the Debian
    package.

    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.

    Debian GNU/Linux 2.2 alias potato
    - ---------------------------------

      Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
      At this moment packages for sparc are not yet available.

      Source archives:
        http://security.debian.org/dists/stable/updates/main/source/mutt_1.2.5-5.diff.gz
          MD5 checksum: 04f7c13c3bf6a1d4fcb4bf1a594522a1
        http://security.debian.org/dists/stable/updates/main/source/mutt_1.2.5-5.dsc
          MD5 checksum: 0ba73a6dd8029339329c27b56087ebce
        http://security.debian.org/dists/stable/updates/main/source/mutt_1.2.5.orig.tar.gz
          MD5 checksum: 0ba5367059abdd55daceb82dce6be42f

      Alpha architecture:
        http://security.debian.org/dists/stable/updates/main/binary-alpha/mutt_1.2.5-5_alpha.deb
          MD5 checksum: b206557565607833551219ff67737cd4

      ARM architecture:
        http://security.debian.org/dists/stable/updates/main/binary-arm/mutt_1.2.5-5_arm.deb
          MD5 checksum: 57c0c2602c3bfde3f459f01515432eac

      Intel IA-32 architecture:
        http://security.debian.org/dists/stable/updates/main/binary-i386/mutt_1.2.5-5_i386.deb
          MD5 checksum: d72fa58b0914762674648a68d410b4b9

      Motorola 680x0 architecture:
        http://security.debian.org/dists/stable/updates/main/binary-m68k/mutt_1.2.5-5_m68k.deb
          MD5 checksum: 266c451cee06693e7f40917b0465981a

      PowerPC architecture:
        http://security.debian.org/dists/stable/updates/main/binary-powerpc/mutt_1.2.5-5_powerpc.deb
          MD5 checksum: aec60dae6148ac9da29c111e70ea77b0

      These packages will be moved into the stable distribution on its next
      revision.

    For not yet released architectures please refer to the appropriate
    directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .

    - --
    - ----------------------------------------------------------------------------
    apt-get: deb http://security.debian.org/ stable/updates main
    dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: debian-security-announcelists.debian.org

    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.3ia
    Charset: noconv

    iQB1AwUBPDNFlajZR/ntlUftAQHLowMAlDOIzMX02myWrdk4h487ZxhPBK86i47O
    C8cDu9p4O4+39HkZNU+YNQs3+wZT5JaYnrBBiYryjDDqxXhzMDwbKYv534QuNZH9
    t/1AsqUXp+veutwpWXuFT742TwsiCtW4
    =xDVb
    -----END PGP SIGNATURE-----