PLDSA [5-1] New masqmail packages fix buffer overflows

Krzysiek Taraszka dzimi at pld.org.pl
Sat Jan 4 13:20:32 CET 2003


--------------------------------------------------------------------------
PLD Security Advisory PLDSA 5-1                        security at pld.org.pl
http://www.pld.org.pl/security/                          PLD Security Team
22 December 2002                       http://www.pld.org.pl/security/faq
--------------------------------------------------------------------------

Package        : masqmail prior to 0.2.6-2
Vulnerability  : buffer overflows
Problem-Type   : local
PLD-specific   : no

A set of buffer overflows has been discovered in masqmail, a mail
transport agent for hosts without a permanent internet connection.  In
addition, privileges were dropped only after reading a user-supplied
configuration file.  Together, these problems could be exploited to gain
unauthorized root access to the machine on which masqmail is
installed.
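
The ordering problem described above, shown in its corrected form as an added
C sketch (not masqmail's code): a set-uid program gives up its privileges
before it opens the user-supplied file, and copies from it with a bounded read.
The function names, the one-line config format and the 64-byte buffer are
assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up set-uid/set-gid rights and return to the invoking
 * user. Returns 0 on success, -1 if the drop failed or can be undone. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    /* Group first: once the uid is dropped, setgid() may be refused. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    if (ruid != 0 && setuid(0) == 0)   /* root must not be recoverable */
        return -1;
    return 0;
}

/* Hypothetical helper: copy the first line of a user-supplied config file
 * into out (capacity outlen). Privileges are dropped BEFORE the path is
 * opened and the copy is bounded by outlen. Returns the stored length,
 * or -1 on error. */
int read_user_config(const char *path, char *out, size_t outlen)
{
    FILE *f;
    if (!path || !out || outlen == 0 || drop_privileges() != 0)
        return -1;
    f = fopen(path, "r");                   /* opened with the user's own rights */
    if (f == NULL)
        return -1;
    if (fgets(out, (int)outlen, f) == NULL) /* writes at most outlen bytes */
        out[0] = '\0';
    fclose(f);
    out[strcspn(out, "\n")] = '\0';         /* strip the newline, if any */
    return (int)strlen(out);
}

int main(int argc, char **argv)
{
    char line[64];
    if (argc < 2 || read_user_config(argv[1], line, sizeof line) < 0)
        return 1;
    printf("first line: %s\n", line);
    return 0;
}
```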

The above problems have been fixed in version 0.2.17-1 for the
current stable distribution (ra).

We recommend that you upgrade your masqmail packages.

wget -c url
        will fetch the file for you
rpm -Uhv file(s)*.rpm
        will upgrade the referenced file.

If you are using the "poldek" package manager, use the lines given below
to upgrade the packages

poldek --update
        will update the internal database
poldek --upgrade 'masqmail*'
        will install corrected packages

If you are using the "apt" package manager, use the lines given below
to upgrade the packages

apt-get update
        will update the internal database
apt-get upgrade 'masqmail*'
        will install corrected packages

PLD Linux 1.0 alias ra
--------------------

  Source archives:

ftp://ftp.pld.org.pl/dists/ra/updates/security/SRPMS/masqmail-0.2.17-1.src.rpm
       MD5 checksum: ba4b09fc812566f86d4753057e6f0805

  I386 Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/masqmail-0.2.17-1.i386.rpm
       MD5 checksum: e85ac1665347f3051c2251ccfe1063c2


  I586 Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/masqmail-0.2.17-1.i586.rpm
       MD5 checksum: dd362f17d6912ab33dc9168ea1071a74


  I686 Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/masqmail-0.2.17-1.i686.rpm
       MD5 checksum: 499bba3ce0579ee7fe72a20a5c472c43


  PowerPC Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/masqmail-0.2.17-1.ppc.rpm
       MD5 checksum: 46542c48dda0218e906b5875ddba470c


--------------------------------------------------------------------------
If you are using poldek add this line to poldek.conf.
If you are using apt-get add this line to sources.list.

For i386 architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/i386 base updates-security
For i586 architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/i586 base updates-security
For i686 architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/i686 base updates-security
For ppc architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/ppc base updates-security
