Martin Schulze
04/04/03, 18:35
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 278-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
April 4th, 2003 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : sendmail
Vulnerability : char-to-int conversion
Problem-Type : local, maybe remote
Debian-specific: no
CVE Id : CAN-2003-0161
CERT Id : VU#897604 CA-2003-12
Michal Zalewski discovered a buffer overflow, triggered by a char to
int conversion, in the address parsing code in sendmail, a widely used
powerful, efficient, and scalable mail transport agent. This problem
is potentially remotely exploitable.
For the stable distribution (woody) this problem has been
fixed in version 8.12.3-6.2.
For the stable distribution (woody) this problem has been
fixed in version 8.9.3-26.
For the unstable distribution (sid) this problem has been
fixed in version 8.12.9-1.
We recommend that you upgrade your sendmail packages.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 2.2 alias potato
- ---------------------------------
Source archives:
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26.dsc
Size/MD5 checksum: 649 f11b024ef774130f7918b882a7318c78
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26.diff.gz
Size/MD5 checksum: 143360 2e9868662e4e28e548ed9f6da2982b41
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3.orig.tar.gz
Size/MD5 checksum: 1068290 efedacfbce84a71d1cfb0e617b84596e
Alpha architecture:
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_alpha.deb
Size/MD5 checksum: 989736 a435c32c79785261bd0e7ec921718915
ARM architecture:
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_arm.deb
Size/MD5 checksum: 948306 1bdd277a28bd6a6c3c812053d11b1edd
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_i386.deb
Size/MD5 checksum: 931838 36c569e21502a246dbdfba711b54842e
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_m68k.deb
Size/MD5 checksum: 917632 8ed928ac433a6be8d3144bb435bf1cfd
PowerPC architecture:
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_powerpc.deb
Size/MD5 checksum: 933820 000557eff8d57fa2e479e8df52348f0b
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_sparc.deb
Size/MD5 checksum: 945760 c2e0e3d1edb05a00d3e5b0d8ca1053c8
Debian GNU/Linux 3.0 alias woody
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2.dsc
Size/MD5 checksum: 761 9eae4393094b7b163ecdddcd16dad19e
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2.diff.gz
Size/MD5 checksum: 253152 1fcbf7838b267d06a8c6258d3ff56488
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3.orig.tar.gz
Size/MD5 checksum: 1840401 b198b346b10b3b5afc8cb4e12c07ff4d
Architecture independent components:
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-doc_8.12.3-6.2_all.deb
Size/MD5 checksum: 747408 5d83e06ac78cb55eabb9334235ec82ab
Alpha architecture:
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_alpha.deb
Size/MD5 checksum: 267450 a8fd2edcabf581c8cef66fc1dcb5a8aa
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_alpha.deb
Size/MD5 checksum: 1218398 cf5503083ecacd7049171922e2fe15c7
ARM architecture:
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_arm.deb
Size/MD5 checksum: 247160 2a01bee8674426bc1a3ef3c40a39e4a1
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_arm.deb
Size/MD5 checksum: 1066282 2dc41903235f6a88de369807e633f8c9
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_i386.deb
Size/MD5 checksum: 236942 fb790940bcdfcd6231db136c6d381cb5
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_i386.deb
Size/MD5 checksum: 1003484 b995fe58b4669c44eb52182dd9418418
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_ia64.deb
Size/MD5 checksum: 281624 52e26ea36d2368392903adf05d89dd34
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_ia64.deb
Size/MD5 checksum: 1482096 046c02549910b1a8392ddef7a562e5d9
HP Precision architecture:
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_hppa.deb
Size/MD5 checksum: 261292 004fae2b6c8a12754521a18aa8086587
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_hppa.deb
Size/MD5 checksum: 1183440 4fdef1c4f769dc00819e0c50baefb542
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_m68k.deb
Size/MD5 checksum: 230756 eb81cfe3246e10351b018a16e29256cf
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_m68k.deb
Size/MD5 checksum: 941698 18db8d5f9145f614525bca339b115aac
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_mips.deb
Size/MD5 checksum: 254796 bde3bab2d8ca1cb7703284fb91ef1317
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_mips.deb
Size/MD5 checksum: 1125560 cb304f8b210a750d63596649ba4e7b98
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_mipsel.deb
Size/MD5 checksum: 254492 94d3ac5c26ff850e528c8daa51b725d2
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_mipsel.deb
Size/MD5 checksum: 1126774 d47df658c70fa4f25fd83b1fa28c8a87
PowerPC architecture:
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_powerpc.deb
Size/MD5 checksum: 256894 a3b2e7c0ce91f7d539d9f0494b71a236
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_powerpc.deb
Size/MD5 checksum: 1073152 afd5d2e123ec40833f6e8b8143a0afbe
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_s390.deb
Size/MD5 checksum: 242242 a87e4e47fcaacc7d289b8431d5c665d5
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_s390.deb
Size/MD5 checksum: 1049752 32146f341d640d20afb522b4653e8b75
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_sparc.deb
Size/MD5 checksum: 244946 d55d99adf61e55a08a0fa91a65ffca67
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_sparc.deb
Size/MD5 checksum: 1069378 0383d42cdb29769f398df70bee7ea8b5
These files will probably be moved into the stable distribution on
its next revision.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+jYPOW5ql+IAeqTIRAqM4AJ4/Cpm8vDtkAJH80pSrJR9thxn+kACgrL4j
NLanIAgTIaNcIZT9wUvQXdE=
=QaeW
-----END PGP SIGNATURE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 278-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
April 4th, 2003 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : sendmail
Vulnerability : char-to-int conversion
Problem-Type : local, maybe remote
Debian-specific: no
CVE Id : CAN-2003-0161
CERT Id : VU#897604 CA-2003-12
Michal Zalewski discovered a buffer overflow, triggered by a char to
int conversion, in the address parsing code in sendmail, a widely used
powerful, efficient, and scalable mail transport agent. This problem
is potentially remotely exploitable.
For the stable distribution (woody) this problem has been
fixed in version 8.12.3-6.2.
For the stable distribution (woody) this problem has been
fixed in version 8.9.3-26.
For the unstable distribution (sid) this problem has been
fixed in version 8.12.9-1.
We recommend that you upgrade your sendmail packages.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 2.2 alias potato
- ---------------------------------
Source archives:
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26.dsc
Size/MD5 checksum: 649 f11b024ef774130f7918b882a7318c78
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26.diff.gz
Size/MD5 checksum: 143360 2e9868662e4e28e548ed9f6da2982b41
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3.orig.tar.gz
Size/MD5 checksum: 1068290 efedacfbce84a71d1cfb0e617b84596e
Alpha architecture:
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_alpha.deb
Size/MD5 checksum: 989736 a435c32c79785261bd0e7ec921718915
ARM architecture:
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_arm.deb
Size/MD5 checksum: 948306 1bdd277a28bd6a6c3c812053d11b1edd
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_i386.deb
Size/MD5 checksum: 931838 36c569e21502a246dbdfba711b54842e
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_m68k.deb
Size/MD5 checksum: 917632 8ed928ac433a6be8d3144bb435bf1cfd
PowerPC architecture:
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_powerpc.deb
Size/MD5 checksum: 933820 000557eff8d57fa2e479e8df52348f0b
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_sparc.deb
Size/MD5 checksum: 945760 c2e0e3d1edb05a00d3e5b0d8ca1053c8
Debian GNU/Linux 3.0 alias woody
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2.dsc
Size/MD5 checksum: 761 9eae4393094b7b163ecdddcd16dad19e
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2.diff.gz
Size/MD5 checksum: 253152 1fcbf7838b267d06a8c6258d3ff56488
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3.orig.tar.gz
Size/MD5 checksum: 1840401 b198b346b10b3b5afc8cb4e12c07ff4d
Architecture independent components:
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-doc_8.12.3-6.2_all.deb
Size/MD5 checksum: 747408 5d83e06ac78cb55eabb9334235ec82ab
Alpha architecture:
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_alpha.deb
Size/MD5 checksum: 267450 a8fd2edcabf581c8cef66fc1dcb5a8aa
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_alpha.deb
Size/MD5 checksum: 1218398 cf5503083ecacd7049171922e2fe15c7
ARM architecture:
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_arm.deb
Size/MD5 checksum: 247160 2a01bee8674426bc1a3ef3c40a39e4a1
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_arm.deb
Size/MD5 checksum: 1066282 2dc41903235f6a88de369807e633f8c9
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_i386.deb
Size/MD5 checksum: 236942 fb790940bcdfcd6231db136c6d381cb5
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_i386.deb
Size/MD5 checksum: 1003484 b995fe58b4669c44eb52182dd9418418
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_ia64.deb
Size/MD5 checksum: 281624 52e26ea36d2368392903adf05d89dd34
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_ia64.deb
Size/MD5 checksum: 1482096 046c02549910b1a8392ddef7a562e5d9
HP Precision architecture:
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_hppa.deb
Size/MD5 checksum: 261292 004fae2b6c8a12754521a18aa8086587
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_hppa.deb
Size/MD5 checksum: 1183440 4fdef1c4f769dc00819e0c50baefb542
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_m68k.deb
Size/MD5 checksum: 230756 eb81cfe3246e10351b018a16e29256cf
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_m68k.deb
Size/MD5 checksum: 941698 18db8d5f9145f614525bca339b115aac
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_mips.deb
Size/MD5 checksum: 254796 bde3bab2d8ca1cb7703284fb91ef1317
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_mips.deb
Size/MD5 checksum: 1125560 cb304f8b210a750d63596649ba4e7b98
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_mipsel.deb
Size/MD5 checksum: 254492 94d3ac5c26ff850e528c8daa51b725d2
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_mipsel.deb
Size/MD5 checksum: 1126774 d47df658c70fa4f25fd83b1fa28c8a87
PowerPC architecture:
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_powerpc.deb
Size/MD5 checksum: 256894 a3b2e7c0ce91f7d539d9f0494b71a236
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_powerpc.deb
Size/MD5 checksum: 1073152 afd5d2e123ec40833f6e8b8143a0afbe
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_s390.deb
Size/MD5 checksum: 242242 a87e4e47fcaacc7d289b8431d5c665d5
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_s390.deb
Size/MD5 checksum: 1049752 32146f341d640d20afb522b4653e8b75
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_sparc.deb
Size/MD5 checksum: 244946 d55d99adf61e55a08a0fa91a65ffca67
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_sparc.deb
Size/MD5 checksum: 1069378 0383d42cdb29769f398df70bee7ea8b5
These files will probably be moved into the stable distribution on
its next revision.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+jYPOW5ql+IAeqTIRAqM4AJ4/Cpm8vDtkAJH80pSrJR9thxn+kACgrL4j
NLanIAgTIaNcIZT9wUvQXdE=
=QaeW
-----END PGP SIGNATURE-----