hylafax - buffer overflows and format string vulnerabilities

A set of problems have been discovered in Hylafax, a flexible
client/server fax software distributed with many GNU/Linux
distributions. Quoting SecurityFocus the problems are in detail:

• A format string vulnerability makes it possible for users to
  potentially execute arbitrary code on some implementations. Due to
  insufficient checking of input, it’s possible to execute a format
  string attack. Since this only affects systems with the faxrm and
  faxalter programs installed setuid, Debian is not vulnerable.
• A buffer overflow has been reported in Hylafax. A malicious fax
  transmission may include a long scan line that will overflow a
  memory buffer, corrupting adjacent memory. An exploit may result
  in a denial of service condition, or possibly the execution of
  arbitrary code with root privileges.
• A format string vulnerability has been discovered in faxgetty.
  Incoming fax messages include a Transmitting Subscriber
  Identification (TSI) string, used to identify the sending fax
  machine. Hylafax uses this data as part of a format string without
  properly sanitizing the input. Malicious fax data may cause the
  server to crash, resulting in a denial of service condition.
• Marcin Dawcewicz discovered a format string vulnerability in hfaxd,
  which will crash hfaxd under certain circumstances. Since Debian
  doesn’t have hfaxd installed setuid root, this problem cannot
  directly lead into a vulnerability. This has been fixed by Darren
  Nickerson, which was already present in newer versions, but not in
  the potato version.

These problems have been fixed in version 4.0.2-14.3 for the old
stable distribution (potato), in version 4.1.1-1.1 for the current
stable distribution (woody) and in version 4.1.2-2.1 for the unstable
distribution (sid).

We recommend that you upgrade your hylafax packages.