Debian Weekly News - email
Date: Mon, 7 Jun 1999 00:28:15 -0700 Reply-To: firstname.lastname@example.org From: debian-security-announce@LISTS.DEBIAN.ORG Subject: [SECURITY] New version if ipopd prevents exploit To: BUGTRAQ@NETSPACE.ORG -----BEGIN PGP SIGNED MESSAGE----- We have received reports that the version of the imap suite in Debian GNU/Linux 2.1 has a vulnerability in its POP-2 daemon, which can be found in the ipopd package. Using this vulnerability it is possible for remote users to get a shell as user "nobody" on the server. We recommend you upgrade your ipopd package immediately. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. Debian GNU/Linux 2.1 alias slink - -------------------------------- This version of Debian was released only for Intel, the Motorola 680x0, the alpha and the Sun sparc architecture. Source archives: http://security.debian.org/dists/stable/updates/source/imap_4.5-0slink2.diff.gz MD5 checksum: 606f893869069eee68f4c1e31392af29 http://security.debian.org/dists/stable/updates/source/imap_4.5-0slink2.dsc MD5 checksum: 93ed80a3619586ff9f3246003aca2448 http://security.debian.org/dists/stable/updates/source/imap_4.5.orig.tar.gz MD5 checksum: 59afe4be5fcd17c20d241633a4a3d0ac Sun Sparc architecture: http://security.debian.org/dists/stable/updates/binary-sparc/c-client-dev_4.5-0slink2_sparc.deb MD5 checksum: 2de5363a3ea9f27c1aa064c3102567cc http://security.debian.org/dists/stable/updates/binary-sparc/imap_4.5-0slink2_sparc.deb MD5 checksum: 87638b6ad06094f30ff6d2dddfd10b8b http://security.debian.org/dists/stable/updates/binary-sparc/ipopd_4.5-0slink2_sparc.deb MD5 checksum: aa6621e2f7e2df751489c397e9e169a8 Intel ia32 architecture: http://security.debian.org/dists/stable/updates/binary-i386/c-client-dev_4.5-0slink2_i386.deb MD5 checksum: fd92656c7281a4d8322b6da1285475cd http://security.debian.org/dists/stable/updates/binary-i386/imap_4.5-0slink2_i386.deb MD5 checksum: c92eaece7e431c84708909362afad07d http://security.debian.org/dists/stable/updates/binary-i386/ipopd_4.5-0slink2_i386.deb MD5 checksum: 29685847b0eef8307383a428b1d02be2 Motorola 680x0 architecture: http://security.debian.org/dists/stable/updates/binary-m68k/c-client-dev_4.5-0slink2_m68k.deb MD5 checksum: eeab449299e9f2d3fc97db69110b4432 http://security.debian.org/dists/stable/updates/binary-m68k/imap_4.5-0slink2_m68k.deb MD5 checksum: 4bd0fbaa392b6013f6caa33b04578764 http://security.debian.org/dists/stable/updates/binary-m68k/ipopd_4.5-0slink2_m68k.deb MD5 checksum: d43f502971afc531923903f3ac7b5b3f Alpha architecture: http://security.debian.org/dists/stable/updates/binary-alpha/c-client-dev_4.5-0slink2_alpha.deb MD5 checksum: 6732ae9495ee29590ed85cc482fbda97 http://security.debian.org/dists/stable/updates/binary-alpha/imap_4.5-0slink2_alpha.deb MD5 checksum: d0ee05b972d5d1bc1d066e2bae4d8c8b http://security.debian.org/dists/stable/updates/binary-alpha/ipopd_4.5-0slink2_alpha.deb MD5 checksum: 89c3931092537d0eb23fb50fa57f1bb0 These files will be copied into http://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon. Please note you can also use apt to always get the latest security updates. To do so add the following line to /etc/apt/sources.list: deb http://security.debian.org/ stable updates - -- Debian GNU/Linux . Security Managers . email@example.com firstname.lastname@example.org Christian Hudon . Wichert Akkerman . Martin Schulze <email@example.com> . <firstname.lastname@example.org> . <email@example.com> -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv iQB1AwUBN1sKgajZR/ntlUftAQGqlgL/d+dzjkxSf0bVDuFmWmeMgH9UxhpJXAwV 0EAtFEY7oRyNpiRLHojnJ48sPviIetVsojHsz9w4uh787skIUJYdFTJN+/O+kxLq TeF2k+ESbtLJav5QCnVrR7CfiIhYMLgx =Z3ew -----END PGP SIGNATURE-----
To: firstname.lastname@example.org cc: email@example.com Subject: Non-Profit status approved for SPI From: "Nils Lohner" <firstname.lastname@example.org> Date: Wed, 02 Jun 1999 11:19:16 -0400 --------------------------------------------------------------------------- Software in the Public Interest, Inc. http://www.spi-inc.org/ Non-Profit status approved for SPI June 2, 1999 --------------------------------------------------------------------------- >> News The Internal Revenue Service of the US has just determined that under section 501 (a) of the Internal Revenue Code SPI qualifies for 501 (c) (3) (non-profit organization) status under section 509 (a) (1) and 170 (b) (1) (A) (vi). This means that all deductions made to SPI and its supported projects are tax deductible for the donor. Further information on this status will be available on the SPI web pages shortly, and can also be found on the IRS web pages at <http://www.irs.gov>. More information about exempt organizations can be found at <http://www.irs.ustreas.gov/prod/bus_info/eo/index.html>. >> About SPI SPI is a non-profit organization which was founded to help organizations develop and distribute open hardware and software. We encourage programmers to use the GNU General Public License or other licenses that allow free redistribution and use of software, and hardware developers to distribute documentation that will allow device drivers to be written for their product. Open Source is a Registered Certification Mark of SPI. Debian is a registered Trademark of SPI. >> Contact Information For further information, please send email to email@example.com or visit the Software in the Public Interest, Inc. homepage at <http://www.spi-inc.org/>. -- Nils Lohner Software in the Public Interest, Inc. E-Mail: firstname.lastname@example.org PO Box 1326 Press Contact <email@example.com> Boston, Ma. 02117 USA
Date: Mon, 7 Jun 1999 13:36:55 -0700 From: Joey Hess <firstname.lastname@example.org> To: email@example.com, firstname.lastname@example.org Subject: FWD: [svlug] Linus Torvalds at BALUG Debian Benefit on 6/15, RSVP ASAP. ----- Forwarded message from "Arthur F. Tyde III - Administrator" <email@example.com> ----- Date: Mon, 07 Jun 1999 12:17:45 -0700 From: "Arthur F. Tyde III - Administrator" <firstname.lastname@example.org> Organization: Linuxcare Inc. X-Mailer: Mozilla 4.51 [en] (X11; I; Linux 2.3.4 i586) To: svlug <email@example.com> Subject: [svlug] Linus Torvalds at BALUG Debian Benefit on 6/15, RSVP ASAP. Linus Torvalds to Headline Benefit Dinner for Debian Project Linuxcare, VA Linux Systems to Sponsor Event at Upcoming BALUG Meeting June 7, 1999 Linus Torvalds, creator of the Linux operating system, will headline a benefit dinner for the Debian Project, developers of the Debian GNU/Linux distribution, on Tuesday, June 15, at the monthly meeting of the Bay Area Linux Users Group (BALUG). The dinner will be held at the Four Seas Restaurant in San Francisco's Chinatown district; reservation and other information can be found at http://www.balug.org/. Because seating is limited, guests are urged to register early using the BALUG Web site. Contributions to the benefit, which also covers the cost of the meal exclusive of beverages, are $10 per person. The Debian Project is an international group of Open Source software developers who collectively produce Debian GNU/Linux, one of the major distributions of the Linux operating system. Unlike other Linux distributors, such as Red Hat Software, the Debian Project is wholly non-profit. "The Debian Project perfectly exemplifies the spirit of Open Source development," Torvalds said. "Debian's non-commercial Linux distribution shows again that Internet-enabled, cooperative software development can produce software of the very highest quality." Two Linux industry leaders--Linuxcare, Inc., and VA Linux Systems--are co-sponsoring the Debian benefit in coordination with BALUG. The two companies will underwrite a $10 contribution to the Debian Project for every person who attends the June 15 dinner; at least several hundred persons are anticipated to be on hand. The Debian Project (http://www.debian.org) operates under the auspices of Software in the Public Interest, Inc. (SPI), a non-profit, 501(c) corporation. SPI can be found on the Web at http://www.spi-inc.org/. About BALUG The Bay Area Linux Users Group, founded in 1994, is one of the oldest Linux Users Groups (LUGs) in the United States. BALUG pursues a vigorous agenda of Linux advocacy activities, including regular Installfests and special educational seminars and other events. Most recently, BALUG sponsored a special presentation on the Samba Open Source software suite by key developers Andrew Tridgell and Jeremy Allison, and helped support the successful Windows Refund Day activities in February 1999. The BALUG membership meets every third Tuesday of the month at the Four Seas Restaurant in San Francisco. Visit http://www.balug.org/ for more information. About Linuxcare, Inc. Linuxcare, Inc. is the first company to provide a complete solution for Linux technical support, consulting, education and product certification for Global 1000 companies. Linuxcare supports all major distributions of Linux on all major platforms, offering a variety of programs including 24x7 enterprise-class telephone support. With funding from Kleiner Perkins and others, Linuxcare counts Dell Computer among its strategic partners. The company also hosts www.linuxcare.com, the world's largest technical-support resource for Linux. Founded in 1998, Linuxcare is headquartered in San Francisco, Calif. The company can be reached at 888-LIN-GURU (888-546-4878) and at www.linuxcare.com. About VA Linux Systems VA Linux Systems is a leading provider of Linux-based hardware software, service and support solutions. The first Linux systems company in the world, VA is a pioneer in providing high performance workstations and servers to enterprises and is at the forefront of the Open Source revolution. VA also has the rights to the premier Linux portal, Linux.com. Based in Mountain View, Calif., the privately held company has been profitable since its formation in 1993 and has gained a reputation for innovation and responsiveness that is making it a leader in full service Linux solutions. For more information, contact VA at 888-LINUX-4U or www.varesearch.com. -- echo "unsubscribe svlug" | mail firstname.lastname@example.org ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ to unsubscribe see http://www.svlug.org/mdstuff/lists.shtml for posting guidelines. ----- End forwarded message ----- -- see shy jo
(Reposted with permission.)
Date: Tue, 8 Jun 1999 01:32:00 +0100 (BST) From: Steve McIntyre <email@example.com> To: firstname.lastname@example.org Subject: Usenix: Debian BoF As nobody else appeared to have done anything about it when I looked earlier this afternoon, I've organised one. Thursday evening, 7 till 8. Bonzai 1, Doubletree. Hope to see people there... If you want to contact me this week, please mail me directly as I don't have the bandwidth to read lists here. Steve McIntyre, CURS CCE, Cambridge, UK email@example.com http://www.chiark.greenend.org.uk/~stevem/
To receive this newsletter weekly in your mailbox, subscribe to the debian-news mailing list.
Back issues of this newsletter are available.
This issue of Debian Weekly News was edited by Joey Hess.