Package: hylafax-server
Version: 1:4.2.1-5sarge1
Severity: grave
Tags: security
Justification: user security hole

Hi,

An eval injection vulnerability was found in Hylafax 4.2.0 to 4.2.3 which allows a remote attacker to execute arbitrary commands. This issue is described in candidate CVE-2005-3539:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3539

As Debian stable is using 4.2.1, it is not vulnerable to the issue in the faxrcvd script.

regards,
Ernst Oudhof

-- System Information:
Debian Release: 3.1
  Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-k7
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages hylafax-server depends on:
ii  debconf           1.4.30.13                Debian configuration management sy
ii  gawk [awk]        1:3.1.4-2                GNU awk, a pattern scanning and pr
ii  gs                8.01-5                   Transitional package
ii  gs-gpl [gs]       8.01-5                   The GPL Ghostscript PostScript int
ii  hylafax-client    1:4.2.1-5sarge1          Flexible client/server fax softwar
ii  libc6             2.3.2.ds1-22             GNU C Library: Shared libraries an
ii  libgcc1           1:3.4.3-13               GCC support library
ii  libpam0g          0.76-22                  Pluggable Authentication Modules l
ii  libstdc++5        1:3.3.5-13               The GNU Standard C++ Library v3
ii  libtiff-tools     3.7.2-3                  TIFF manipulation and conversion t
ii  libtiff4          3.7.2-3                  Tag Image File Format (TIFF) libra
ii  mailx             1:8.1.2-0.20040524cvs-4  A simple mail user agent
ii  mawk [awk]        1.3.3-11                 a pattern scanning and text proces
ii  mime-codecs       7.19-4                   Fast Quoted-Printable and BASE64 M
ii  psmisc            21.5-1                   Utilities that use the proc filesy
ii  sed               4.1.2-8                  The GNU sed stream editor
ii  zlib1g            1:1.2.2-4.sarge.2        compression library - runtime

-- debconf information excluded