Debian Security Advisory DSA 248-1 (hypermail)

The remote host is missing an update to hypermail announced via advisory DSA 248-1.

Ulf Harnhammar discovered two problems in hypermail, a program to create HTML archives of mailing lists. An attacker could craft a long filename for an attachment that would overflow two buffers when a certain option for interactive use was given, opening the possibility to inject arbitrary code. This code would then be executed under the user id hypermail runs as, mostly as a local user. Automatic and silent use of hypermail does not seem to be affected. The CGI program mail, which is not installed by the Debian package, does a reverse look-up of the user's IP number and copies the resulting hostname into a fixed-size buffer. A specially crafted DNS reply could overflow this buffer, opening the program to an exploit. For the stable distribution (woody) this problem has been fixed in version 2.1.3-2.0. For the old stable distribution (potato) this problem has been fixed in version 2.0b25-1.1. For the unstable distribution (sid) this problem has been fixed in version 2.1.6-1. We recommend that you upgrade your hypermail packages.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20248-1