“infamous41md” discovered several vulnerabilities in the GNU mailutils
package which contains utilities for handling mail. These problems
can lead to a denial of service or the execution of arbitrary code.
The Common Vulnerabilities and Exposures project identifies the
following vulnerabilities.
CAN-2005-1520
Buffer overflow mail header handling may allow a remote attacker
to execute commands with the privileges of the targeted user.
CAN-2005-1521
Combined integer and heap overflow in the fetch routine can lead
to the execution of arbitrary code.
CAN-2005-1522
Denial of service in the fetch routine.
CAN-2005-1523
Format string vulnerability can lead to the execution of arbitrary
code.
For the stable distribution (woody) these problems have been fixed in
version 20020409-1woody2.
For the testing distribution (sarge) these problems have been fixed in
version 0.6.1-4.
For the unstable distribution (sid) these problems have been fixed in
version 0.6.1-4.
We recommend that you upgrade your mailutils packages.