
Trustix alert TSLSA-2004-0043 (courier-imap)

From:  Trustix Security Advisor <tsl@trustix.org>
To:  tsl-announce@lists.trustix.org
Subject:  TSL-2004-0043 - multi
Date:  Thu, 26 Aug 2004 11:17:04 +0200

--------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2004-0043

Package name:      courier-imap, samba, zlib
Summary:           Multiple vulnerabilities
Date:              2004-08-26
Affected versions: Trustix Secure Linux 1.5
                   Trustix Secure Linux 2.0
                   Trustix Secure Linux 2.1
                   Trustix Operating System - Enterprise Server 2
--------------------------------------------------------------------------

Package description:
  courier-imap:
  Courier-IMAP is an IMAP server for Maildir mailboxes. This package
  contains the standalone version of the IMAP server that's included in
  the Courier mail server package. This package is a standalone version
  for use with other mail servers. Do not install this package if you
  intend to install the full Courier mail server. Install the Courier
  package instead.

  samba:
  Samba provides an SMB server which can be used to provide network
  services to SMB (sometimes called "Lan Manager") clients, including
  various versions of MS Windows, OS/2, and other Linux machines.

  zlib:
  The zlib compression library provides in-memory compression and
  decompression functions, including integrity checks of the
  uncompressed data. This version of the library supports only one
  compression method (deflation), but other algorithms may be added
  later, which will have the same stream interface. The zlib library is
  used by many different system programs.

Problem description:
  courier-imap:
  Format string vulnerability in the auth_debug function in Courier-IMAP
  1.6.0 to 2.2.1, when login debugging (DEBUG_LOGIN) is enabled, allows
  remote attackers to execute arbitrary code.

  The Common Vulnerabilities and Exposures project (cve.mitre.org) has
  assigned the name CAN-2004-0777 to this issue.

  samba:
  A new samba release (2.2.11) in Trustix Secure Linux 1.5 and 2.0 fixes
  crashes in smbd triggered by a Windows XP SP2 client sending a
  FindNextPrintChangeNotify() request without previously issuing
  FindFirstPrintChangeNotify().

  A new samba release (3.0.6) in Trustix Secure Linux 2.1 and Trustix
  Operating System - Enterprise Server 2 fixes a few bugs and memory
  leaks. See also the changelog on
  <URI:http://us3.samba.org/samba/history/samba-3.0.6.html>

  zlib:
  A bug in zlib 1.2.1 would make it crash on certain invalid input.
  This problem is believed to have DoS (Denial of Service) potential
  only.

Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.

Location:
  All Trustix Secure Linux updates are available from
  <URI:http://http.trustix.org/pub/trustix/updates/>
  <URI:ftp://ftp.trustix.org/pub/trustix/updates/>

About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With
  focus on security and stability, the system is painlessly kept safe
  and up to date from day one using swup, the automated software updater.

Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.

Public testing:
  Most updates for Trustix Secure Linux are made available for public
  testing some time before release. If you want to contribute by testing
  the various packages in the testing tree, please feel free to share
  your findings on the tsl-discuss mailinglist.
  The testing tree is located at
  <URI:http://tsldev.trustix.org/horizon/>

  You may also use swup for public testing of updates:

  site {
      class = 0
      location = "http://tsldev.trustix.org/horizon/rdfs/latest.rdf"
      regexp = ".*"
  }

Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.org/support/>

Verification:
  This advisory along with all Trustix packages are signed with the
  TSL sign key. This key is available from:
  <URI:http://www.trustix.org/TSL-SIGN-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.org/errata/trustix-1.5/>,
  <URI:http://www.trustix.org/errata/trustix-2.0/> and
  <URI:http://www.trustix.org/errata/trustix-2.1/>
  or directly at
  <URI:http://www.trustix.org/errata/2004/0043>

MD5sums of the packages:

--------------------------------------------------------------------------

Trustix Security Team
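
The courier-imap item above is a format string bug in a debug logging path. The following is an added example of that general bug class next to its fix; it is not part of the Trustix advisory and is not Courier-IMAP's code. The names debug_printf, log_login_vulnerable and log_login_fixed are hypothetical, and the username is a constructed sample value.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* In-memory stand-in for the debug log, so the result can be inspected. */
static char log_line[256];

/* Hypothetical printf-style debug sink (not Courier-IMAP's auth_debug). */
static void debug_printf(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(log_line, sizeof log_line, fmt, ap);
    va_end(ap);
}

/* VULNERABLE pattern: the message is built first, then the finished text,
 * which contains client-supplied bytes, is passed as the FORMAT argument. */
static const char *log_login_vulnerable(const char *username)
{
    char msg[200];
    snprintf(msg, sizeof msg, "DEBUG: LOGIN: username=%s", username);
    debug_printf(msg);            /* '%' in username is now interpreted */
    return log_line;
}

/* FIXED pattern: constant format string, untrusted text only as an argument. */
static const char *log_login_fixed(const char *username)
{
    char msg[200];
    snprintf(msg, sizeof msg, "DEBUG: LOGIN: username=%s", username);
    debug_printf("%s", msg);
    return log_line;
}

int main(void)
{
    /* Constructed sample input: "%%" is a harmless conversion that still
     * shows whether the logger interprets the client's text as a format. */
    const char *username = "alice%%example";
    printf("vulnerable: %s\n", log_login_vulnerable(username));
    printf("fixed:      %s\n", log_login_fixed(username));
    return 0;
}
```

Declaring the sink with the GCC/Clang attribute `__attribute__((format(printf, 1, 2)))` and building with `-Wformat -Wformat-security` makes the compiler flag the vulnerable call.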



