Re: [SECURITY] [DSA 635-1] New exim packages fix arbitrary code execution

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 635-1] New exim packages fix arbitrary code execution
From: Rainer Dorsch <rdorsch@web.de>
Date: Wed, 12 Jan 2005 09:49:58 +0100
Message-id: <[🔎] 200501120949.59366.rdorsch@web.de>
In-reply-to: <m1CodEE-000om1C@finlandia.Infodrom.North.DE>
References: <m1CodEE-000om1C@finlandia.Infodrom.North.DE>

Joey,

is exim-tls also affected? If yes, when can we expect an update.

Many thanks,
Rainer

Am Mittwoch, 12. Januar 2005 08:47 schrieb Martin Schulze:
> --------------------------------------------------------------------------
> Debian Security Advisory DSA 635-1                     security@debian.org
> http://www.debian.org/security/                             Martin Schulze
> January 12th, 2005                      http://www.debian.org/security/faq
> --------------------------------------------------------------------------
>
> Package        : exim
> Vulnerability  : buffer overflow
> Problem-Type   : remote
> Debian-specific: no
> CVE ID         : CAN-2005-0021
> Debian Bug     : 289046
>
> Philip Hazel announced a buffer overflow in the host_aton function in
> exim, the default mail-tranport-agent in Debian, which can lead to the
> execution of arbitrary code via an illegal IPv6 address.
>
> For the stable distribution (woody) this problem has been fixed in
> version 3.35-1woody4.
>
> For the unstable distribution (sid) this problem has been fixed in
> version 3.36-13 of exim and 4.34-10 of exim4.
>
> We recommend that you upgrade your exim and exim4 packages.
>
>
> Upgrade Instructions
> --------------------
>
> wget url
>         will fetch the file for you
> dpkg -i file.deb
>         will install the referenced file.
>
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
>
> apt-get update
>         will update the internal database
> apt-get upgrade
>         will install corrected packages
>
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
>
>
> Debian GNU/Linux 3.0 alias woody
> --------------------------------
>
>   Source archives:
>
>    
> http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4.dsc
> Size/MD5 checksum:      661 d97ecab579bd3dbaa3e9be00b8b16d85
> http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4.diff.
>gz Size/MD5 checksum:    80195 a02abeefa9d1145ae623ad661aab5f5a
> http://security.debian.org/pool/updates/main/e/exim/exim_3.35.orig.tar.gz
> Size/MD5 checksum:  1271057 42d362e40a21bd7ffc298f92c8bd986a
>
>   Alpha architecture:
>
>    
> http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_alpha
>.deb Size/MD5 checksum:   872796 a46f5dc95d777366cb492eb57ec8dd9f
> http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_alp
>ha.deb Size/MD5 checksum:    52318 bf93e35aec9f401d8413015c50f5cbae
>
>   ARM architecture:
>
>    
> http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_arm.d
>eb Size/MD5 checksum:   785980 5ced90e4c4ecd1ca6a60980634b309e8
> http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_arm
>.deb Size/MD5 checksum:    43514 07b7324395ff66f68db354c6b4589db7
>
>   Intel IA-32 architecture:
>
>    
> http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_i386.
>deb Size/MD5 checksum:   759270 9001a456b0a34f4bf5de88d901c70a97
> http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_i38
>6.deb Size/MD5 checksum:    39210 78e5eecee7101a355ddabec9d0f07b98
>
>   Intel IA-64 architecture:
>
>    
> http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_ia64.
>deb Size/MD5 checksum:   972852 43f4fc30483d8ad5c42e031fd64a9e8d
> http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_ia6
>4.deb Size/MD5 checksum:    65166 cdc921d9be2ec60b5f0ed95a5b976732
>
>   HP Precision architecture:
>
>    
> http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_hppa.
>deb Size/MD5 checksum:   815358 c506baffb4404f32762468fbc494551c
> http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_hpp
>a.deb Size/MD5 checksum:    48294 d90efe5be79e966e07a7cbe8e9013939
>
>   Motorola 680x0 architecture:
>
>    
> http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_m68k.
>deb Size/MD5 checksum:   737856 aefe6b63ebd03e9fe449afe22e752547
> http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_m68
>k.deb Size/MD5 checksum:    37752 e0d2b938e50c3b408928b8150459ad2b
>
>   Big endian MIPS architecture:
>
>    
> http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_mips.
>deb Size/MD5 checksum:   824458 0c1db679287a6de37f2c320f335c650c
> http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_mip
>s.deb Size/MD5 checksum:    48882 1670c36409482a8a870becf826f7ae68
>
>   Little endian MIPS architecture:
>
>    
> http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_mipse
>l.deb Size/MD5 checksum:   824846 88564f1d1b0c1781587d5db1bccdde77
> http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_mip
>sel.deb Size/MD5 checksum:    48778 6a7002c766a84dd81eed39d23f8709d5
>
>   PowerPC architecture:
>
>    
> http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_power
>pc.deb Size/MD5 checksum:   794244 abfa2009cd6417101d120a5980641012
> http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_pow
>erpc.deb Size/MD5 checksum:    44794 ea626fcb485a423fb56e61a1c4ae67e9
>
>   IBM S/390 architecture:
>
>    
> http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_s390.
>deb Size/MD5 checksum:   780026 bc9a3b5488cd7ee72c290f86f601beec
> http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_s39
>0.deb Size/MD5 checksum:    43930 f50688c682bcaeabfbd47c9e46a06143
>
>   Sun Sparc architecture:
>
>    
> http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_sparc
>.deb Size/MD5 checksum:   785298 1841407d21f544cf2645e373a6caad15
> http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_spa
>rc.deb Size/MD5 checksum:    42444 632b5aadc5c930c7c3e956fef10d5ffe
>
>
>   These files will probably be moved into the stable distribution on
>   its next update.
>
> ---------------------------------------------------------------------------
>------ For apt-get: deb http://security.debian.org/ stable/updates main
> For dpkg-ftp: ftp://security.debian.org/debian-security
> dists/stable/updates/main Mailing list:
> debian-security-announce@lists.debian.org
> Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-- 
Rainer Dorsch
Alzentalstr. 28
D-71083 Herrenberg
07032-919495
Icq: 32550367

Reply to:

Prev by Date: Re: Log file IDS package?
Next by Date: Re: Log file IDS package?
Previous by thread: Re: Log file IDS package?
Next by thread: CAN-2005-0001, CAN-2004-1235, CAN-2004-1137, CAN-2004-1016, Georgi Guninski security advisory #72, 2004, grsecurity 2.1.0 release
Index(es):
- Date
- Thread