-----BEGIN PGP SIGNED MESSAGE-----

We have received reports that the version of the imap suite
in Debian GNU/Linux 2.1 has a vulnerability in its POP-2 daemon,
which can be found in the ipopd package. Using this vulnerability
it is possible for remote users to get a shell as user "nobody"
on the server.

We recommend you upgrade your ipopd package immediately.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.1 alias slink
- --------------------------------

  This version of Debian was released only for Intel, the Motorola
  680x0, the alpha and the Sun sparc architecture.

  Source archives:
     
-0slink2.diff.gz
      MD5 checksum: 606f893869069eee68f4c1e31392af29
     -
0slink2.dsc
      MD5 checksum: 93ed80a3619586ff9f3246003aca2448
     
      MD5 checksum: 59afe4be5fcd17c20d241633a4a3d0ac
  
  Sun Sparc architecture:
     
sparc/c-client-dev_4.5-0slink2_sparc.deb
      MD5 checksum: 2de5363a3ea9f27c1aa064c3102567cc
     
sparc/imap_4.5-0slink2_sparc.deb
      MD5 checksum: 87638b6ad06094f30ff6d2dddfd10b8b
     
sparc/ipopd_4.5-0slink2_sparc.deb
      MD5 checksum: aa6621e2f7e2df751489c397e9e169a8
  
  Intel ia32 architecture:
     i386/c-
client-dev_4.5-0slink2_i386.deb
      MD5 checksum: fd92656c7281a4d8322b6da1285475cd
     
i386/imap_4.5-0slink2_i386.deb
      MD5 checksum: c92eaece7e431c84708909362afad07d
     
i386/ipopd_4.5-0slink2_i386.deb
      MD5 checksum: 29685847b0eef8307383a428b1d02be2
  
  Motorola 680x0 architecture:
     m68k/c-
client-dev_4.5-0slink2_m68k.deb
      MD5 checksum: eeab449299e9f2d3fc97db69110b4432
     
m68k/imap_4.5-0slink2_m68k.deb
      MD5 checksum: 4bd0fbaa392b6013f6caa33b04578764
     
m68k/ipopd_4.5-0slink2_m68k.deb
      MD5 checksum: d43f502971afc531923903f3ac7b5b3f
  
  Alpha architecture:
     
alpha/c-client-dev_4.5-0slink2_alpha.deb
      MD5 checksum: 6732ae9495ee29590ed85cc482fbda97
     
alpha/imap_4.5-0slink2_alpha.deb
      MD5 checksum: d0ee05b972d5d1bc1d066e2bae4d8c8b
     
alpha/ipopd_4.5-0slink2_alpha.deb
      MD5 checksum: 89c3931092537d0eb23fb50fa57f1bb0


  These files will be copied into
    soon.

Please note you can also use apt to always get the latest security
updates. To do so add the following line to /etc/apt/sources.list:

  deb debian 
stable updates


- -- 
Debian GNU/Linux      .    Security Managers     .   security@debian.org
              debian-security-announce@lists.debian.org
  Christian Hudon     .     Wichert Akkerman     .     Martin Schulze
   .     .   


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBN1sKgajZR/ntlUftAQGqlgL/d+dzjkxSf0bVDuFmWmeMgH9UxhpJXAwV
0EAtFEY7oRyNpiRLHojnJ48sPviIetVsojHsz9w4uh787skIUJYdFTJN+/O+kxLq
TeF2k+ESbtLJav5QCnVrR7CfiIhYMLgx
=Z3ew
-----END PGP SIGNATURE-----

New version if ipopd prevents exploit

December 13, 1999
We have received reports that the version of the imap suite in Debian GNU/Linux 2.1 has a vulnerability in its POP-2 daemon, which can be found in the ipopd package

Summary

We recommend you upgrade your ipopd package immediately.

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

Debian GNU/Linux 2.1 alias slink

This version of Debian was released only for Intel, the Motorola
680x0, the alpha and the Sun sparc architecture.

Source archives:

-0slink2.diff.gz
MD5 checksum: 606f893869069eee68f4c1e31392af29
-
0slink2.dsc
MD5 checksum: 93ed80a3619586ff9f3246003aca2448

MD5 checksum: 59afe4be5fcd17c20d241633a4a3d0ac

Sun Sparc architecture:

sparc/c-client-dev_4.5-0slink2_sparc.deb
MD5 checksum: 2de5363a3ea9f27c1aa064c3102567cc

sparc/imap_4.5-0slink2_sparc.deb
MD5 checksum: 87638b6ad06094f30ff6d2dddfd10b8b

sparc/ipopd_4.5-0slink2_sparc.deb
MD5 checksum: aa6621e2f7e2df751489c397e9e169a8

Intel ia32 architecture:
i386/c-
client-dev_4.5-0slink2_i386.deb
MD5 checksum: fd92656c7281a4d8322b6da1285475cd

i386/imap_4.5-0slink2_i386.deb
MD5 check...

Read the Full Advisory

Severity

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved