Mandrake security alert: Updated metamail packages fix buffer overflow vulnerabilities

Posted by dave on Feb 18, 2004 4:55 PM EDT
Mailing list
Mail this story
Print this story

Two format string and two buffer overflow vulnerabilities were discovered in metamail by Ulf Harnhammar. The updated packages are patched to fix these holes.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrake Linux Security Update Advisory _______________________________________________________________________

Package name: metamail Advisory ID: MDKSA-2004:014 Date: February 18th, 2004

Affected versions: 9.0, 9.1, 9.2, Corporate Server 2.1 ______________________________________________________________________

Problem Description:

Two format string and two buffer overflow vulnerabilities were discovered in metamail by Ulf Harnhammar. The updated packages are patched to fix these holes. _______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0104 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0105 ______________________________________________________________________

Updated Packages: Corporate Server 2.1: 548c9a7a79f8b3e6a64caabd4ff8b276 corporate/2.1/RPMS/metamail-2.7-9.1.C21mdk.i586.rpm bbacb5d6d2c7233b00bee939e1f92125 corporate/2.1/SRPMS/metamail-2.7-9.1.C21mdk.src.rpm

Corporate Server 2.1/x86_64: 7bc7bad9023a2c15175562d1fadc31ef x86_64/corporate/2.1/RPMS/metamail-2.7-9.1.C21mdk.x86_64.rpm bbacb5d6d2c7233b00bee939e1f92125 x86_64/corporate/2.1/SRPMS/metamail-2.7-9.1.C21mdk.src.rpm

Mandrake Linux 9.0: 9ee83662f8af9eaf670ec7fda5a22351 9.0/RPMS/metamail-2.7-9.1.90mdk.i586.rpm bc7f01df5ca62755f7e7c8f4cc698826 9.0/SRPMS/metamail-2.7-9.1.90mdk.src.rpm

Mandrake Linux 9.1: b1e8c0600f1d2b8e3d7cb286300e798f 9.1/RPMS/metamail-2.7-9.1.91mdk.i586.rpm 504b97acd0de7ced8a5c93cd28a4fc16 9.1/SRPMS/metamail-2.7-9.1.91mdk.src.rpm

Mandrake Linux 9.1/PPC: d2449e2c3a31e1ae82a197089367c7c0 ppc/9.1/RPMS/metamail-2.7-9.1.91mdk.ppc.rpm 504b97acd0de7ced8a5c93cd28a4fc16 ppc/9.1/SRPMS/metamail-2.7-9.1.91mdk.src.rpm

Mandrake Linux 9.2: 73797afd935d841a8e1701d6c8572ed7 9.2/RPMS/metamail-2.7-9.1.92mdk.i586.rpm 5f36fe16d00e69761d829fbdcdf95839 9.2/SRPMS/metamail-2.7-9.1.92mdk.src.rpm

Mandrake Linux 9.2/AMD64: d3fb23bbf49aba7ef9355031510c12c9 amd64/9.2/RPMS/metamail-2.7-9.1.92mdk.amd64.rpm 5f36fe16d00e69761d829fbdcdf95839 amd64/9.2/SRPMS/metamail-2.7-9.1.92mdk.src.rpm _______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

A list of FTP mirrors can be obtained from:

http://www.mandrakesecure.net/en/ftp.php

All packages are signed by MandrakeSoft for security. You can obtain the GPG public key of the Mandrake Linux Security Team by executing:

gpg --recv-keys --keyserver http://www.mandrakesecure.net 0x22458A98

Please be aware that sometimes it takes the mirrors a few hours to update.

You can view other update advisories for Mandrake Linux at:

http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by visiting:

http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFANBSWmqjQ0CJFipgRAgQbAJwLgfMxO/wGa94vD04LZCvzmFK4AgCgxk3p 4PnC1pmkAJMLZ23zcYUFv1Y= =8fW9 -----END PGP SIGNATURE-----



  Nav
» Read more about: Story Type: Security; Groups: Mandriva

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.