USN-174-1: courier vulnerability
Posted on: 08/26/2005 09:37 AM

A new courier vulnerability update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-174-1 August 26, 2005
courier vulnerability
CAN-2005-2151
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

courier-base

The problem can be corrected by upgrading the affected package to
version 0.47-3ubuntu1.1. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

A Denial of Service vulnerability has been discovered in the Courier
mail server. Due to a flawed status code check, failed DNS (domain
name service) queries for SPF (sender policy framework) were not
handled properly and could lead to memory corruption. A malicious DNS
server could exploit this to crash the Courier server.

However, SPF is not enabled by default, so you are only vulnerable if
you explicitly enabled it.

The Ubuntu 4.10 version of courier is not affected by this.

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier_0.47-3ubuntu1.1.diff.gz
Size/MD5: 106779 1a9b25b9a8a00e3ef25cdb0f246913bb
http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier_0.47-3ubuntu1.1.dsc
Size/MD5: 1204 b597835faf1ace190efe31862e565f14
http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier_0.47.orig.tar.gz
Size/MD5: 6350808 361a84e497148ce557c150d3576ec24b

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-doc_0.47-3ubuntu1.1_all.deb
Size/MD5: 370214 2f491d963cff6f0443e7a386a314e5fb

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-authdaemon_0.47-3ubuntu1.1_amd64.deb
Size/MD5: 61876 de263d02b5f22d28e544d7c44a7fd0fa
http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-authmysql_0.47-3ubuntu1.1_amd64.deb
Size/MD5: 56580 84732b3212841e6f8287725e66546532
http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-authpostgresql_0.47-3ubuntu1.1_amd64.deb
Size/MD5: 56790 36f6d95274da8147ef602bb529165f15
http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-base_0.47-3ubuntu1.1_amd64.deb
Size/MD5: 256868 a5b6772fc595d5fb405ec58cc3836343
http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-faxmail_0.47-3ubuntu1.1_amd64.deb
Size/MD5: 28430 10628e477c7e9f5d9d88b4c540a8fd67
http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-imap-ssl_3.0.8-3ubuntu1.1_amd64.deb
Size/MD5: 20988 1cd30b0c20a1c49b6662251954b17edf
http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-imap_3.0.8-3ubuntu1.1_amd64.deb
Size/MD5: 950426 8c1b21e6e28eb4de46d6ceb0d7febb4c
http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-ldap_0.47-3ubuntu1.1_amd64.deb
Size/MD5: 73698 4f6c8fbbdce0cf96eadb8367d196b581
http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-maildrop_0.47-3ubuntu1.1_amd64.deb
Size/MD5: 942982 d5960e61994809c9e3affc3e42b4014b
http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-mlm_0.47-3ubuntu1.1_amd64.deb
Size/MD5: 122324 c228b012609b35efd9c073b82953409a
http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-mta-ssl_0.47-3ubuntu1.1_amd64.deb
Size/MD5: 19000 2d56a63f0560bae92d9a3ce437ec40e7
http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-mta_0.47-3ubuntu1.1_amd64.deb
Size/MD5: 2157216 b8bb4e90aa5aa42fea1e3bdc48ac0683
http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-pcp_0.47-3ubuntu1.1_amd64.deb
Size/MD5: 66194 487ff885cb1958bf6be0bc6194a653be
http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-pop-ssl_0.47-3ubuntu1.1_amd64.deb
Size/MD5: 20792 d65da48fead292db9dcd7b76d5258e1d
http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-pop_0.47-3ubuntu1.1_amd64.deb
Size/MD5: 422972 0e9ba8bb27a01c8bed8af314d2798f12
http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-ssl_0.47-3ubuntu1.1_amd64.deb
Size/MD5: 195262 c857932ff7bd5d9d89b87bb8ff2ba3d2
http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-webadmin_0.47-3ubuntu1.1_amd64.deb
Size/MD5: 34116 ef1b279b0a81defbe3a6987f323bd4c7
http://security.ubuntu.com/ubuntu/pool/universe/c/courier/sqwebmail_0.47-3ubuntu1.1_amd64.deb
Size/MD5: 797796 7947a2d059a1477c45d7f8267e5a27c8

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-authdaemon_0.47-3ubuntu1.1_i386.deb
Size/MD5: 55720 b29081bd370dc167bd49bb777577ce07
http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-authmysql_0.47-3ubuntu1.1_i386.deb
Size/MD5: 51706 181aa889862179da1b102c24e417a605
http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-authpostgresql_0.47-3ubuntu1.1_i386.deb
Size/MD5: 51808 020ba1b7d33cf285d113565a60c0c9a7
http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-base_0.47-3ubuntu1.1_i386.deb
Size/MD5: 233042 db4f3db33ee426d07efb9e26464ea8a4
http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-faxmail_0.47-3ubuntu1.1_i386.deb
Size/MD5: 28440 f2f30753cd5b77ca443dd609bf4b6640
http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-imap-ssl_3.0.8-3ubuntu1.1_i386.deb
Size/MD5: 21000 91262b5dd89d2f2e2c3c6b8f3ca9b3ee
http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-imap_3.0.8-3ubuntu1.1_i386.deb
Size/MD5: 925154 a19438bf0affca4f39e4834144ce6f57
http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-ldap_0.47-3ubuntu1.1_i386.deb
Size/MD5: 67124 45d40251a45b6e1eb022c07a5c0ac96c
http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-maildrop_0.47-3ubuntu1.1_i386.deb
Size/MD5: 916614 e2ae94557cc43a0fccfdede6b494847f
http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-mlm_0.47-3ubuntu1.1_i386.deb
Size/MD5: 117024 7e13101fce208ee36ad295cc96f58b8c
http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-mta-ssl_0.47-3ubuntu1.1_i386.deb
Size/MD5: 19000 6b98ae4bf01a0b755ce36ee8450df913
http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-mta_0.47-3ubuntu1.1_i386.deb
Size/MD5: 2051398 54785d8358798e01c1e7cd75a0179f87
http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-pcp_0.47-3ubuntu1.1_i386.deb
Size/MD5: 59412 659165ad7435919cae62087ea67a61c8
http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-pop-ssl_0.47-3ubuntu1.1_i386.deb
Size/MD5: 20798 a8511ba4003d0a98910780f9c6a81b51
http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-pop_0.47-3ubuntu1.1_i386.deb
Size/MD5: 414710 0661fbb59d4822bbaa89cd76ed0faec3
http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-ssl_0.47-3ubuntu1.1_i386.deb
Size/MD5: 191648 703725b68576be2e0e2dde7365c89b56
http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-webadmin_0.47-3ubuntu1.1_i386.deb
Size/MD5: 33930 a3ba2eafbada47a29bbbe0c348abcb4f
http://security.ubuntu.com/ubuntu/pool/universe/c/courier/sqwebmail_0.47-3ubuntu1.1_i386.deb
Size/MD5: 764474 77a7807c6dc4b29c65226b4116a0ab60

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-authdaemon_0.47-3ubuntu1.1_powerpc.deb
Size/MD5: 62180 026f930d9aeda05abe3c96c4a5134576
http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-authmysql_0.47-3ubuntu1.1_powerpc.deb
Size/MD5: 57404 eaf62404759ff0a9b51aec53085c5937
http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-authpostgresql_0.47-3ubuntu1.1_powerpc.deb
Size/MD5: 57596 8263e0f917a29040aefc369b6d03dee0
http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-base_0.47-3ubuntu1.1_powerpc.deb
Size/MD5: 251108 002164890ff6fa38aa38250769f6e865
http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-faxmail_0.47-3ubuntu1.1_powerpc.deb
Size/MD5: 28440 64937b2ca6bfd5ea6991f20b1643e08c
http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-imap-ssl_3.0.8-3ubuntu1.1_powerpc.deb
Size/MD5: 21002 bff8911a3e3f3a170af82e0bf6b4d3d4
http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-imap_3.0.8-3ubuntu1.1_powerpc.deb
Size/MD5: 1066812 d89d19a6f329b0616cc11fa5cb50493d
http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-ldap_0.47-3ubuntu1.1_powerpc.deb
Size/MD5: 74626 0c9d8caf59d0690736c5cb78d86c4736
http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-maildrop_0.47-3ubuntu1.1_powerpc.deb
Size/MD5: 1059480 e526ec1ecbc8450f04f01570a94fc6e2
http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-mlm_0.47-3ubuntu1.1_powerpc.deb
Size/MD5: 128576 1e5ebe65797acf318b908d97ce72e598
http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-mta-ssl_0.47-3ubuntu1.1_powerpc.deb
Size/MD5: 19004 cfe16a1f74132bde222846531c846627
http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-mta_0.47-3ubuntu1.1_powerpc.deb
Size/MD5: 2381060 51e095bc967480104ae0eed642f0bbcc
http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-pcp_0.47-3ubuntu1.1_powerpc.deb
Size/MD5: 66298 73ae71988e6f4eac389849f2ccc93928
http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-pop-ssl_0.47-3ubuntu1.1_powerpc.deb
Size/MD5: 20794 fbc719659328c0364592cdb053c307e4
http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-pop_0.47-3ubuntu1.1_powerpc.deb
Size/MD5: 478786 ec23e9d7a4ec7a3147ed5ee3dd56d1c9
http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-ssl_0.47-3ubuntu1.1_powerpc.deb
Size/MD5: 196272 d0f53bb2e6e062953614af0c8b9c8c29
http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-webadmin_0.47-3ubuntu1.1_powerpc.deb
Size/MD5: 34308 eca6058c39efaca3b818cd826e768782
http://security.ubuntu.com/ubuntu/pool/universe/c/courier/sqwebmail_0.47-3ubuntu1.1_powerpc.deb
Size/MD5: 860430 5f8aecef0639b6be5738509811f8de29

--Dxnq1zWXvFF0Q93v
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDDx8nDecnbV4Fd/IRAtwuAKD6cuxiEAhs1NNUaYxwybVy6rSe/wCgyQ9o
dWsUrg+8c6DlWFAWeeAYo7o=
=V8xt
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_174_1_courier_vulnerability.html)