===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.0658
                          xbuffy security update
                                5 May 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           xbuffy
Publisher:         Debian
Operating System:  Debian GNU/Linux 6
                   Debian GNU/Linux 7
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-0469

Original Bulletin:
   http://www.debian.org/security/2014/dsa-2921

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running xbuffy check for an updated version of the software for
         their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-2921-1                   security@debian.org
http://www.debian.org/security/                         Yves-Alexis Perez
May 04, 2014                           http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : xbuffy
CVE ID         : CVE-2014-0469

Michael Niedermayer discovered a vulnerability in xbuffy, a utility for
displaying message count in mailbox and newsgroup accounts.

By sending carefully crafted messages to a mail or news account
monitored by xbuffy, an attacker can trigger a stack-based buffer
overflow, leading to xbuffy crash or even remote code execution.

For the oldstable distribution (squeeze), this problem has been fixed in
version 3.3.bl.3.dfsg-8+deb6u1.

For the stable distribution (wheezy), this problem has been fixed in
version 3.3.bl.3.dfsg-8+deb7u1.

For the testing distribution (jessie), this problem has been fixed in
version 3.3.bl.3.dfsg-9.

For the unstable distribution (sid), this problem has been fixed in
version 3.3.bl.3.dfsg-9.

We recommend that you upgrade your xbuffy packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================