[SECURITY] Current versions of mailx fixes /tmp problem

To: Debian Security Announcements <debian-security-announce@lists.debian.org>
Cc: Debian Changes <debian-changes@lists.debian.org>
Subject: [SECURITY] Current versions of mailx fixes /tmp problem
From: Martin Schulze <joey@kuolema.Infodrom.North.DE>
Date: Sun, 31 May 1998 02:23:15 +0200
Message-id: <[🔎] 19980531022315.C423@kuolema.Infodrom.North.DE>
Reply-to: security@debian.org

Former versions of mailx used an unsecure means of opening files
beneath /tmp for writing.  This can be used to damage files in a users
directory or even systemwide.

We recommend you upgrade your mailx package immediately.

dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 1.3.1 alias bo
-------------------------------

  Source archives:
    ftp://ftp.de.debian.org/debian-incoming/mailx_8.1.1-3.1.diff.gz
      MD5 checksum: 6e4dfc44a64514b41f000f1a2e2decaa
    ftp://ftp.de.debian.org/debian-incoming/mailx_8.1.1-3.1.dsc
      MD5 checksum: aead11aa1c643863aa96cbfe97803efc
    ftp://ftp.debian.org/debian/bo/source/mail/mailx_8.1.1.orig.tar.gz
      MD5 checksum: c779002cb043b57fd5198ec2032cacb0

  Intel architecture:
    ftp://ftp.de.debian.org/debian-incoming/mailx_8.1.1-3.1_i386.deb
      MD5 checksum: 08946decb4854280d1392159e988d825

  These files from the incoming directory will be moved into
  ftp://ftp.debian.org/debian/bo-updates/binary-i386/ and
  ftp://ftp.debian.org/debian/bo/binary-i386/ later.

Debian GNU/Linux pre2.0 alias hamm
----------------------------------

  Source archives:
    ftp://ftp.debian.org/debian/hamm/hamm/source/mail/mailx_8.1.1-9.diff.gz
      MD5 checksum: 3d821f673166c74d4ef6752a1eedd631
    ftp://ftp.debian.org/debian/hamm/hamm/source/mail/mailx_8.1.1-9.dsc
      MD5 checksum: 002f4ce9b72c143257ec4e1dc9a457e2
    ftp://ftp.debian.org/debian/hamm/hamm/source/mail/mailx_8.1.1.orig.tar.gz
      MD5 checksum: c779002cb043b57fd5198ec2032cacb0

  Alpha architecture:
    ftp://ftp.debian.org/debian/hamm/hamm/binary-alpha/mail/mailx_8.1.1-9.deb
      MD5 checksum: 4d54d9273ef02565221732a72882534a

  Intel architecture:
    ftp://ftp.debian.org/debian/hamm/hamm/binary-i386/mail/mailx_8.1.1-9.deb
      MD5 checksum: 029a5222f6b991682062c71e62d1282b

  Motorola 68xxx architecture:
    ftp://ftp.debian.org/debian/hamm/hamm/binary-m68k/mail/mailx_8.1.1-9.deb
      MD5 checksum: 1cba05cf6c1139b2369631ead45a0afd

  PowerPC architecture:
    ftp://ftp.de.debian.org/debian-incoming/mailx_8.1.1-9_powerpc.deb
      MD5 checksum: 3885660525901723885f40b2f4b7a8a7

  Sparc architecture:
    ftp://ftp.debian.org/debian/hamm/hamm/binary-sparc/mail/mailx_8.1.1-9.deb
      MD5 checksum: a20afd25d48b8455d042511996994a96

  The files from the incoming directory will be moved into
  ftp://ftp.debian.org/debian/hamm/hamm/binary-$arch/mail/ soon.

--
Debian GNU/Linux    .    Security Managers    .    security@debian.org
              debian-security-announce@lists.debian.org
Christian Hudon <chrish@debian.org> . Martin Schulze <joey@debian.org>

Attachment: pgpMDPV1rmSBR.pgp
Description: PGP signature

Reply to:

Prev by Date: Re: [SECURITY] New version of premail fixes /tmp file problem
Next by Date: New versions of cxhextrix fixes buffer overflow
Previous by thread: Re: [SECURITY] New version of premail fixes /tmp file problem
Next by thread: New versions of cxhextrix fixes buffer overflow
Index(es):
- Date
- Thread