--- Begin Message ---
- From: Matt Zimmerman <mdz@debian.org>
- Subject: [SECURITY] [DSA-305-1] New sendmail packages fix insecure temporary file creation
- Date: Thu, 15 May 2003 20:21:33 -0400
- Content-disposition: inline
- List-help: <mailto:debian-security-announce-request@lists.debian.org?subject=help>
- List-post: <mailto:debian-security-announce@lists.debian.org>
- List-subscribe: <mailto:debian-security-announce-request@lists.debian.org?subject=subscribe>
- List-unsubscribe: <mailto:debian-security-announce-request@lists.debian.org?subject=unsubscribe>
- Old-return-path: <mdz@xxxxxxxxxxx>
- Priority: urgent
- Resent-date: Thu, 15 May 2003 19:21:41 -0500 (CDT)
- Resent-from: debian-security-announce@lists.debian.org
- Resent-message-id: <ZZJXW.A.YSC.U8Cx-@murphy>
- Resent-sender: debian-security-announce-request@lists.debian.org
- X-bogosity: No, tests=bogofilter, spamicity=0.000000, version=0.11.2
- X-debian: PGP check passed for security officers
- X-loop: debian-security-announce@lists.debian.org
- X-mailing-list: <debian-security-announce@lists.debian.org>
- X-original-to: kmuto@xxxxxxxxxxxxxxx
- X-spam-checker-version: SpamAssassin 2.53 (1.174.2.15-2003-03-30-exp)
- X-spam-level:
- X-spam-status: No, hits=-121.5 required=10.0 tests=BAYES_00,PGP_SIGNATURE,USER_AGENT_MUTT,USER_IN_WHITELIST, X_LOOP,X_MAILING_LIST autolearn=ham version=2.53
- X-virus-scanned: by amavisd-new-20030314-p1 (Debian) at topstudio.co.jp
- Message-id: <20030516002133.GF31656@xxxxxxxxx>
- User-agent: Mutt/1.5.4i
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 305-1 security@debian.org
http://www.debian.org/security/ Matt Zimmerman
May 15th, 2003 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : sendmail
Vulnerability : insecure temporary files
Problem-Type : local
Debian-specific: no
Paul Szabo discovered bugs in three scripts included in the sendmail
package where temporary files were created insecurely (expn,
checksendmail and doublebounce.pl). These bugs could allow an
attacker to gain the privileges of a user invoking the script
(including root).
For the stable distribution (woody) these problems have been fixed in
version 8.12.3-6.4.
For the old stable distribution (potato) these problems have been fixed
in version 8.9.3-26.1.
For the unstable distribution (sid) these problems have been fixed in
version 8.12.9-2.
We recommend that you update your sendmail package.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.4.dsc
Size/MD5 checksum: 751 a7ee211817b085cd9ec16b91d9b15e40
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.4.diff.gz
Size/MD5 checksum: 254004 fdafe4a26c22db6844bfba3cf3f5c150
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3.orig.tar.gz
Size/MD5 checksum: 1840401 b198b346b10b3b5afc8cb4e12c07ff4d
Architecture independent components:
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-doc_8.12.3-6.4_all.deb
Size/MD5 checksum: 747626 68962801ab229167f31f52d9b9aea4ca
Alpha architecture:
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.4_alpha.deb
Size/MD5 checksum: 267738 ac9f3641c7256cd406ea6d900fcf478d
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.4_alpha.deb
Size/MD5 checksum: 1109330 1b259d1b5dc2b7c3d2ed35da6ff14c8d
ARM architecture:
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.4_arm.deb
Size/MD5 checksum: 247474 43abe86241c0ced4931b602505e8f194
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.4_arm.deb
Size/MD5 checksum: 979268 8618fd412f56022ba4fab7c3c20bd633
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.4_i386.deb
Size/MD5 checksum: 237226 2044308a32e930663f6a85d67ffe29df
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.4_i386.deb
Size/MD5 checksum: 917564 ec4d0e7bec9c8b2ff8825d1cdb127609
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.4_ia64.deb
Size/MD5 checksum: 281920 52d959e3200497065a01940ecdfcd2bc
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.4_ia64.deb
Size/MD5 checksum: 1332584 bcc17145035c3489bc549394c439b39c
HP Precision architecture:
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.4_hppa.deb
Size/MD5 checksum: 261588 8a723a94e65fae545477c50bc5ddbde0
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.4_hppa.deb
Size/MD5 checksum: 1081110 bd650bd43791051924346261e00ebdd6
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.4_m68k.deb
Size/MD5 checksum: 231056 4a895563d173c29e44145799483c74c5
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.4_m68k.deb
Size/MD5 checksum: 865698 f26fca022aa78eaf55c67eece4fd8b0e
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.4_mips.deb
Size/MD5 checksum: 255082 245d7936db41f577318588ae8ae15379
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.4_mips.deb
Size/MD5 checksum: 1022152 3ba322f09c8b7d55e737c0f3e483a950
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.4_mipsel.deb
Size/MD5 checksum: 254774 b3dde1b51d7adfeae424d9b7ec28310f
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.4_mipsel.deb
Size/MD5 checksum: 1022550 06afa6f123968a790705e70d04aa3817
PowerPC architecture:
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.4_powerpc.deb
Size/MD5 checksum: 257196 787607f3b0942bdcda2524fee079b685
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.4_powerpc.deb
Size/MD5 checksum: 978572 c87772f045e8a195a407ca5e2bf9260b
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.4_s390.deb
Size/MD5 checksum: 242516 0432637a093525753d0d5e99ce202f9f
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.4_s390.deb
Size/MD5 checksum: 966240 88034a608cb3088d6fd161ef7bac4e4b
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.4_sparc.deb
Size/MD5 checksum: 245230 2803eeeb467ee54214a5eb1ed0dbe8ae
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.4_sparc.deb
Size/MD5 checksum: 982536 936f98f405ab5257a16ae8a7f0df98c4
Debian GNU/Linux 2.2 alias potato
- ---------------------------------
Source archives:
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26.1.dsc
Size/MD5 checksum: 548 21af6ab3f17a5a7a24773f7f983ac22f
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26.1.diff.gz
Size/MD5 checksum: 144132 bca5d4b77deafc3de7ddbceaf852b971
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3.orig.tar.gz
Size/MD5 checksum: 1068290 efedacfbce84a71d1cfb0e617b84596e
Alpha architecture:
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26.1_alpha.deb
Size/MD5 checksum: 990020 d1e11af47d0588338f4df6eacdf1c323
ARM architecture:
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26.1_arm.deb
Size/MD5 checksum: 949082 a2e76b02dbaac5f4c73d2dd67661c246
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26.1_i386.deb
Size/MD5 checksum: 932162 efc055a7886aec1c676473da43a5d697
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26.1_m68k.deb
Size/MD5 checksum: 918168 61a2ebfce59a22d7507b78cdcef9ad07
PowerPC architecture:
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26.1_powerpc.deb
Size/MD5 checksum: 934202 206721bdc8a219ec815b1ac54f7cc774
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26.1_sparc.deb
Size/MD5 checksum: 946190 25e16f0521a4c9a0f79496de98926f41
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE+xC7MArxCt0PiXR4RAk98AKCPy50K5LRKbEBAniGr6gsgsxFtZwCgyChc
AggRMOJbCPzUzZ1LDefTES8=
=ftmF
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
--- End Message ---