Debian Linux Security Advisory 1802-2

Debian Linux Security Advisory 1802-2: Posted May 24, 2009; Authored by Debian | Site debian.org; Debian Security Advisory 1802-2 - Michal Hlavinka discovered that the fix for code execution in the map_yp_alias function, known as CVE-2009-1579 and released in DSA 1802-1, was incomplete. This update corrects the fix for that function.; tags | advisory, code execution; systems | linux, debian; advisories | CVE-2009-1578, CVE-2009-1579, CVE-2009-1580, CVE-2009-1581, CVE-2009-1381; SHA-256 | 427516df8ef9ab4b92105500b37d7a760f482163d4eb284532448ec29c628c7f; Download | Favorite | View

Debian Linux Security Advisory 1802-2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1802-2                  security@debian.org
http://www.debian.org/security/                          Thijs Kinkhorst
May 21, 2009                          http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : squirrelmail
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2009-1578 CVE-2009-1579 CVE-2009-1580 CVE-2009-1581
                 CVE-2009-1381
Debian Bug     : 528528

Michal Hlavinka discovered that the fix for code execution in the
map_yp_alias function, known as CVE-2009-1579 and released in DSA 1802-1,
was incomplete. This update corrects the fix for that function.

For the old stable distribution (etch), this problem has been fixed in
version 1.4.9a-5.

For the stable distribution (lenny), this problem has been fixed in
version 1.4.15-4+lenny2.

For the unstable distribution (sid), this problem has been fixed in
version 1.4.19-1

We recommend that you upgrade your squirrelmail package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.9a-5.dsc
    Size/MD5 checksum:     1021 23e85a9813bd2236e3f104ac0fa1bf6f
  http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.9a.orig.tar.gz
    Size/MD5 checksum:   598950 5b19f8cc5badef91d1f2410df41564bc
  http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.9a-5.diff.gz
    Size/MD5 checksum:    27766 9858f9f2186d14e6b22d32c5bcc9f72b

Architecture independent packages:

  http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.9a-5_all.deb
    Size/MD5 checksum:   593684 cb5fada1f8fe8d8be5fa73919ac159b1

Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.15-4+lenny2.diff.gz
    Size/MD5 checksum:    26725 511fe282670270af990414215eba096f
  http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.15.orig.tar.gz
    Size/MD5 checksum:   621320 87b466fef98e770307afffd75fe25589
  http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.15-4+lenny2.dsc
    Size/MD5 checksum:     1524 449f565284127b1419212596d76b970e

Architecture independent packages:

  http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.15-4+lenny2_all.deb
    Size/MD5 checksum:   609144 97dd3ba6de9553b68b6e398ae627e87f


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBAgAGBQJKFaJDAAoJECIIoQCMVaAcKokH/RgNHrF9WeNHY0krmxtH1YuU
r+cmnJ1UA0l/aIGDHiJIBhRzlfRDuLlBmD+cy282wtoP5uDBW6EoyA3d8HWJVOah
j3eMEF/28KXYBxru0DCsd85KpowmibP43dn9i3ne37coOpOBbMn0UGP7UQbNimR4
/iKY99SSaq95DIQwhLDylmHWxW/wPSkolyFyjN514aLNd6hjFIlSg1XGuf+pOz6S
n+fn6KeG0mbiP6PaqR38UdiUcVswTKziAW0V1rHkJMJVOBU0B3vEpErI9gVCsTsb
6QLQMemtC909iqJo2kMjjcTDllgCyJwFPZUhpHoJwDKHpaogxCrv5KlwvmZxd70=
=Ju2s
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Debian Linux Security Advisory 1802-2

Debian Linux Security Advisory 1802-2

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Linux Security Advisory 1802-2

Share This

Debian Linux Security Advisory 1802-2

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems