--------------------------------------------------------------------------
Debian Security Advisory DSA 278-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
April 4th, 2003                         http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : sendmail
Vulnerability  : char-to-int conversion
Problem-Type   : local, maybe remote
Debian-specific: no
CVE Id         : CAN-2003-0161 (now CVE-2003-0161)
CERT Id        : VU#897604 CA-2003-12

Michal Zalewski discovered a buffer overflow, triggered by a char-to-int
conversion, in the address parsing code (prescan()) of sendmail, a
widely used, powerful, efficient, and scalable mail transport agent.  On
platforms where the C type char is signed, an input byte 0xFF read into
an int is sign-extended to -1, the same value the parser uses as its
internal NOCHAR sentinel; such bytes therefore bypass the length check
on the token buffer, and a crafted address can overflow it.  This
problem is potentially remotely exploitable: sendmail parses the
addresses of every message it relays or delivers, normally as root.  It
is a separate bug from the header-parsing overflow (CAN-2002-1337)
fixed in DSA 257 a month earlier, so systems patched for that one still
need this update.
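The conversion bug described above, as an added illustration written for this page rather than sendmail's own prescan() code: a stripped-down address token copier with the same shape (a single length check, placed in the branch that stores a pending lookahead byte, which is skipped whenever that byte equals the NOCHAR sentinel). The buffer sizes, the payload layout, and the function names are assumptions made for the demonstration; the signed and unsigned readers are forced explicitly so the result does not depend on whether the host's char is signed.

```c
#include <stdio.h>
#include <string.h>

#define NOCHAR  (-1)   /* parser sentinel: "no lookahead byte pending" */
#define CAP     16     /* logical size of the token buffer being protected */
#define BACKING 256    /* real storage, so an overrun is measurable without corrupting memory */
#define PAIRS   40     /* "\\" + 0xFF pairs in the constructed hostile address */

/* Two ways of pulling one input byte into an int. The bug class depends on
 * plain char being signed (x86, alpha, ia64) rather than unsigned (arm,
 * powerpc, s390), so both readers force a choice instead of relying on the
 * platform default. */
static int read_signed(char ch)   { return (signed char)ch; }   /* 0xFF -> -1 == NOCHAR */
static int read_unsigned(char ch) { return (unsigned char)ch; } /* 0xFF -> 255 */

/* Copy one address token from src into out, stopping at NUL or ','.
 * Returns the number of bytes written, or -1 for "address too long".
 * Deliberately shaped like the vulnerable loop: the only length check sits
 * in the branch that stores the pending lookahead byte, and that branch is
 * skipped whenever c == NOCHAR. The backslash-escape path writes without
 * checking and relies on the next iteration's check. */
static int prescan_token(const char *src, char *out, size_t cap,
                         int (*getbyte)(char))
{
    const char *p = src;
    char *q = out;
    int c = NOCHAR;
    int bslash = 0;

    for (;;) {
        if (c != NOCHAR && !bslash) {
            if (q >= out + cap - 2)          /* the only bounds check */
                return -1;
            *q++ = (char)c;
        }
        c = getbyte(*p++);
        if (c == '\0' || c == ',')
            break;
        if (bslash) {                        /* byte after a backslash */
            bslash = 0;
            *q++ = '\\';                     /* unchecked write */
            continue;                        /* c is checked and stored next round, unless it is NOCHAR */
        }
        if (c == '\\') {
            bslash = 1;
            c = NOCHAR;
            continue;
        }
    }
    *q = '\0';
    return (int)(q - out);
}

/* Constructed hostile input: PAIRS repetitions of "\\" followed by 0xFF.
 * Under the signed read every 0xFF becomes NOCHAR, so each pair writes a
 * backslash without ever reaching the length check. */
const char *hostile_address(void)
{
    static char payload[2 * PAIRS + 1];
    for (size_t i = 0; i < PAIRS; i++) {
        payload[2 * i]     = '\\';
        payload[2 * i + 1] = (char)0xFF;
    }
    payload[2 * PAIRS] = '\0';
    return payload;
}

/* Run the copier over src with a zeroed backing buffer of BACKING bytes but a
 * declared capacity of CAP. A return value larger than CAP means the check
 * was bypassed and the copy ran past the buffer it was supposed to respect. */
int scan_with(const char *src, int fixed)
{
    char backing[BACKING];
    memset(backing, 0, sizeof backing);
    return prescan_token(src, backing, CAP, fixed ? read_unsigned : read_signed);
}

int main(void)
{
    printf("benign  'user\\@host':  signed=%d unsigned=%d\n",
           scan_with("user\\@host,rest", 0), scan_with("user\\@host,rest", 1));
    printf("hostile (%d pairs):    signed=%d bytes into a %d-byte buffer, unsigned=%d (-1 = rejected)\n",
           PAIRS, scan_with(hostile_address(), 0), CAP, scan_with(hostile_address(), 1));
    return 0;
}
```

The benign address behaves identically under both readers; the hostile one writes 40 bytes into a buffer declared as 16 under the signed read and is rejected with -1 under the unsigned read. The fix is the one-line masking of the byte on its way into the int; the larger lesson is that a sentinel value must lie outside the range the input can produce, which -1 does not once signed chars are involved.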

For the stable distribution (woody) this problem has been
fixed in version 8.12.3-6.2.

For the old stable distribution (potato) this problem has been
fixed in version 8.9.3-26.

For the unstable distribution (sid) this problem has been
fixed in version 8.12.9-1.

We recommend that you upgrade your sendmail packages.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 2.2 alias potato
---------------------------------

  Source archives:

      Size/MD5 checksum:      649 f11b024ef774130f7918b882a7318c78
      Size/MD5 checksum:   143360 2e9868662e4e28e548ed9f6da2982b41
      Size/MD5 checksum:  1068290 efedacfbce84a71d1cfb0e617b84596e

  Alpha architecture:

      Size/MD5 checksum:   989736 a435c32c79785261bd0e7ec921718915

  ARM architecture:

      Size/MD5 checksum:   948306 1bdd277a28bd6a6c3c812053d11b1edd

  Intel IA-32 architecture:

      Size/MD5 checksum:   931838 36c569e21502a246dbdfba711b54842e

  Motorola 680x0 architecture:

      Size/MD5 checksum:   917632 8ed928ac433a6be8d3144bb435bf1cfd

  PowerPC architecture:

      Size/MD5 checksum:   933820 000557eff8d57fa2e479e8df52348f0b

  Sun Sparc architecture:

      Size/MD5 checksum:   945760 c2e0e3d1edb05a00d3e5b0d8ca1053c8


Debian GNU/Linux 3.0 alias woody
--------------------------------

  Source archives:

      Size/MD5 checksum:      761 9eae4393094b7b163ecdddcd16dad19e
      Size/MD5 checksum:   253152 1fcbf7838b267d06a8c6258d3ff56488
      Size/MD5 checksum:  1840401 b198b346b10b3b5afc8cb4e12c07ff4d

  Architecture independent components:

      Size/MD5 checksum:   747408 5d83e06ac78cb55eabb9334235ec82ab

  Alpha architecture:

      Size/MD5 checksum:   267450 a8fd2edcabf581c8cef66fc1dcb5a8aa
      Size/MD5 checksum:  1218398 cf5503083ecacd7049171922e2fe15c7

  ARM architecture:

      Size/MD5 checksum:   247160 2a01bee8674426bc1a3ef3c40a39e4a1
      Size/MD5 checksum:  1066282 2dc41903235f6a88de369807e633f8c9

  Intel IA-32 architecture:

      Size/MD5 checksum:   236942 fb790940bcdfcd6231db136c6d381cb5
      Size/MD5 checksum:  1003484 b995fe58b4669c44eb52182dd9418418

  Intel IA-64 architecture:

      Size/MD5 checksum:   281624 52e26ea36d2368392903adf05d89dd34
      Size/MD5 checksum:  1482096 046c02549910b1a8392ddef7a562e5d9

  HP Precision architecture:

      Size/MD5 checksum:   261292 004fae2b6c8a12754521a18aa8086587
      Size/MD5 checksum:  1183440 4fdef1c4f769dc00819e0c50baefb542

  Motorola 680x0 architecture:

      Size/MD5 checksum:   230756 eb81cfe3246e10351b018a16e29256cf
      Size/MD5 checksum:   941698 18db8d5f9145f614525bca339b115aac

  Big endian MIPS architecture:

      Size/MD5 checksum:   254796 bde3bab2d8ca1cb7703284fb91ef1317
      Size/MD5 checksum:  1125560 cb304f8b210a750d63596649ba4e7b98

  Little endian MIPS architecture:

      Size/MD5 checksum:   254492 94d3ac5c26ff850e528c8daa51b725d2
      Size/MD5 checksum:  1126774 d47df658c70fa4f25fd83b1fa28c8a87

  PowerPC architecture:

      Size/MD5 checksum:   256894 a3b2e7c0ce91f7d539d9f0494b71a236
      Size/MD5 checksum:  1073152 afd5d2e123ec40833f6e8b8143a0afbe

  IBM S/390 architecture:

      Size/MD5 checksum:   242242 a87e4e47fcaacc7d289b8431d5c665d5
      Size/MD5 checksum:  1049752 32146f341d640d20afb522b4653e8b75

  Sun Sparc architecture:

      Size/MD5 checksum:   244946 d55d99adf61e55a08a0fa91a65ffca67
      Size/MD5 checksum:  1069378 0383d42cdb29769f398df70bee7ea8b5


  These files will probably be moved into the stable distribution on
  its next revision.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>


