- ------------------------------------------------------------------------Debian Security Advisory DSA 738-1                   security@debian.org
https://www.debian.org/security/                            Michael Stone
July 05, 2005                         https://www.debian.org/security/faq
- ------------------------------------------------------------------------Package        : razor
Vulnerability  : email header parsing error
Problem type   : remote DOS
Debian-specific: no
CVE Id(s)      : CAN-2005-2024

A vulnerability was discovered in the way that Razor parses certain
email headers that could potentially be used to crash the Razor program,
causing a denial of service (DOS). 

For the stable distribution (sarge), this problem has been fixed in
version 2.670-1sarge2. 

The old stable distribution (woody) is not affected by this issue.

We recommend that you upgrade your razor package.

Upgrade instructions
- --------------------wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian 3.1 (sarge)
- ------------------  sarge was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

  Source archives:

          Size/MD5 checksum:      799 88b6def693d8e884f636acf9337344f1
          Size/MD5 checksum:    86705 0118b6030ea261ea85e73a55cc7eac8e
          Size/MD5 checksum:    10699 ed53476451c87dbf876697e198083973

  alpha architecture (DEC Alpha)

          Size/MD5 checksum:   117030 ab3c6043749da7b66aa468f8fec794a7

  arm architecture (ARM)

          Size/MD5 checksum:   115572 01ee173b14d45f1f576dd3b4db6ba3e8

  hppa architecture (HP PA RISC)

          Size/MD5 checksum:   117146 82889def9ab647e075cedf658a2e7707

  i386 architecture (Intel ia32)

          Size/MD5 checksum:   116070 9171153ba7bf5c0c679c14a8303d777d

  ia64 architecture (Intel ia64)

          Size/MD5 checksum:   118378 d1ed58ed88d490cad82b8cde72745b6d

  m68k architecture (Motorola Mc680x0)

          Size/MD5 checksum:   115938 6a620f25c1895e3ac80ba94c57931874

  mips architecture (MIPS (Big Endian))

          Size/MD5 checksum:   114962 3a771fb3bc2b88b6606121541f4e1c80

  mipsel architecture (MIPS (Little Endian))

          Size/MD5 checksum:   114978 3c6f16f40f9820e4624c277969c85947

  powerpc architecture (PowerPC)

          Size/MD5 checksum:   117502 2860b774a37ed2eaae9efd365e05ceaf

  s390 architecture (IBM S/390)

          Size/MD5 checksum:   115738 02789063e04d63a1eea5f2bf88745c5f

  sparc architecture (Sun SPARC/UltraSPARC)

          Size/MD5 checksum:   115848 8a264ab5802cf6764db4354facdd4ea0

- -------------------------------------------------------------------------------For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp:  dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Debian: New razor packages fix potential DOS

July 5, 2005
Updated package.

Summary


The old stable distribution (woody) is not affected by this issue.

We recommend that you upgrade your razor package.

Upgrade instructions
- --------------------wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian 3.1 (sarge)
- ------------------ sarge was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

Source archives:

Size/MD5 checksum: 799 88b6def693d8e884f636acf9337344f1
Size/MD5 checksum: 86705 0118b6030ea261ea85e73a55cc7eac8e
Size/MD5 checksum: 10699 ed53476451c87dbf876697e198083973

alpha architecture (DEC Alpha)

Si...

Read the Full Advisory

Severity

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved