Re: [SECURITY] [DSA-2154-1] exim4 security update
On Sunday 30 January 2011, Dario Ernst wrote:
> If I am not using -D or -C anywhere in my exim setup (e.g. using
> the Debian default initscripts and have not added any of those
> options in /etc/default/exim4) and installed the update ... am I
> okay to go with that?
>
> Sorry for asking those stupid questions, but the instructions are a
> little ambiguous there...
Yes, that's what I meant with "The Debian default configuration is not
affected by the changes". How would you have worded it to be less
ambiguous?
> On Sun, Jan 30, 2011 at 10:41:58AM +0000, Stefan Fritsch wrote:
> > A design flaw (CVE-2010-4345) in exim4 allowed the local
> > Debian-exim user to obtain root privileges by specifying an
> > alternate configuration file using the -C option or by using the
> > macro override facility (-D option).
> > ....
> >
> > The Debian default configuration is not affected by the changes.
Cheers,
Stefan