[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-users:36651] Forward: [SECURITY] [DSA 278-1] New sendmail packages fix denial of service



ã“ã®DSAã¯potatoã«ã‚‚é©ç”¨ã•ã‚Œã¾ã™ã€‚

ç¾åœ¨ã® Debian 安定版 (3.0 woody) ã«ã‚»ã‚­ãƒ¥ãƒªãƒ†ã‚£ã«é–¢ã™ã‚‹æ·±åˆ»ãªå•é¡ŒãŒç™ºè¦‹
ã•ã‚Œã¾ã—ãŸã€‚

対象パッケージ: sendmail

対処済ã¿ã®ãƒ‘ッケージã«æ›´æ–°ã™ã‚‹ã«ã¯ã€

deb http://security.debian.org/ stable/updates main contrib non-free

ã‚’ /etc/apt/sources.list ã«è¿½åŠ ã—ã€

apt-get update ; apt-get upgrade

を実行ã—ã¦ãã ã•ã„。

詳細ã«ã¤ã„ã¦ã¯æ·»ä»˜ã®ã‚¢ãƒŠã‚¦ãƒ³ã‚¹ã‚’ã”覧ãã ã•ã„。

--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 278-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
April 4th, 2003                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : sendmail
Vulnerability  : char-to-int conversion
Problem-Type   : local, maybe remote
Debian-specific: no
CVE Id         : CAN-2003-0161
CERT Id        : VU#897604 CA-2003-12

Michal Zalewski discovered a buffer overflow, triggered by a char to
int conversion, in the address parsing code in sendmail, a widely used
powerful, efficient, and scalable mail transport agent.  This problem
is potentially remotely exploitable.

For the stable distribution (woody) this problem has been
fixed in version 8.12.3-6.2.

For the stable distribution (woody) this problem has been
fixed in version 8.9.3-26.

For the unstable distribution (sid) this problem has been
fixed in version 8.12.9-1.

We recommend that you upgrade your sendmail packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 2.2 alias potato
- ---------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26.dsc
      Size/MD5 checksum:      649 f11b024ef774130f7918b882a7318c78
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26.diff.gz
      Size/MD5 checksum:   143360 2e9868662e4e28e548ed9f6da2982b41
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3.orig.tar.gz
      Size/MD5 checksum:  1068290 efedacfbce84a71d1cfb0e617b84596e

  Alpha architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_alpha.deb
      Size/MD5 checksum:   989736 a435c32c79785261bd0e7ec921718915

  ARM architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_arm.deb
      Size/MD5 checksum:   948306 1bdd277a28bd6a6c3c812053d11b1edd

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_i386.deb
      Size/MD5 checksum:   931838 36c569e21502a246dbdfba711b54842e

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_m68k.deb
      Size/MD5 checksum:   917632 8ed928ac433a6be8d3144bb435bf1cfd

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_powerpc.deb
      Size/MD5 checksum:   933820 000557eff8d57fa2e479e8df52348f0b

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_sparc.deb
      Size/MD5 checksum:   945760 c2e0e3d1edb05a00d3e5b0d8ca1053c8


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2.dsc
      Size/MD5 checksum:      761 9eae4393094b7b163ecdddcd16dad19e
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2.diff.gz
      Size/MD5 checksum:   253152 1fcbf7838b267d06a8c6258d3ff56488
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3.orig.tar.gz
      Size/MD5 checksum:  1840401 b198b346b10b3b5afc8cb4e12c07ff4d

  Architecture independent components:

    http://security.debian.org/pool/updates/main/s/sendmail/sendmail-doc_8.12.3-6.2_all.deb
      Size/MD5 checksum:   747408 5d83e06ac78cb55eabb9334235ec82ab

  Alpha architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_alpha.deb
      Size/MD5 checksum:   267450 a8fd2edcabf581c8cef66fc1dcb5a8aa
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_alpha.deb
      Size/MD5 checksum:  1218398 cf5503083ecacd7049171922e2fe15c7

  ARM architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_arm.deb
      Size/MD5 checksum:   247160 2a01bee8674426bc1a3ef3c40a39e4a1
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_arm.deb
      Size/MD5 checksum:  1066282 2dc41903235f6a88de369807e633f8c9

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_i386.deb
      Size/MD5 checksum:   236942 fb790940bcdfcd6231db136c6d381cb5
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_i386.deb
      Size/MD5 checksum:  1003484 b995fe58b4669c44eb52182dd9418418

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_ia64.deb
      Size/MD5 checksum:   281624 52e26ea36d2368392903adf05d89dd34
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_ia64.deb
      Size/MD5 checksum:  1482096 046c02549910b1a8392ddef7a562e5d9

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_hppa.deb
      Size/MD5 checksum:   261292 004fae2b6c8a12754521a18aa8086587
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_hppa.deb
      Size/MD5 checksum:  1183440 4fdef1c4f769dc00819e0c50baefb542

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_m68k.deb
      Size/MD5 checksum:   230756 eb81cfe3246e10351b018a16e29256cf
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_m68k.deb
      Size/MD5 checksum:   941698 18db8d5f9145f614525bca339b115aac

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_mips.deb
      Size/MD5 checksum:   254796 bde3bab2d8ca1cb7703284fb91ef1317
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_mips.deb
      Size/MD5 checksum:  1125560 cb304f8b210a750d63596649ba4e7b98

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_mipsel.deb
      Size/MD5 checksum:   254492 94d3ac5c26ff850e528c8daa51b725d2
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_mipsel.deb
      Size/MD5 checksum:  1126774 d47df658c70fa4f25fd83b1fa28c8a87

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_powerpc.deb
      Size/MD5 checksum:   256894 a3b2e7c0ce91f7d539d9f0494b71a236
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_powerpc.deb
      Size/MD5 checksum:  1073152 afd5d2e123ec40833f6e8b8143a0afbe

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_s390.deb
      Size/MD5 checksum:   242242 a87e4e47fcaacc7d289b8431d5c665d5
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_s390.deb
      Size/MD5 checksum:  1049752 32146f341d640d20afb522b4653e8b75

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_sparc.deb
      Size/MD5 checksum:   244946 d55d99adf61e55a08a0fa91a65ffca67
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_sparc.deb
      Size/MD5 checksum:  1069378 0383d42cdb29769f398df70bee7ea8b5


  These files will probably be moved into the stable distribution on
  its next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+jYPOW5ql+IAeqTIRAqM4AJ4/Cpm8vDtkAJH80pSrJR9thxn+kACgrL4j
NLanIAgTIaNcIZT9wUvQXdE=
=QaeW
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

--- End Message ---