Re: [SECURITY] [DSA 2566-1] exim4 security update



I've just updated the clw server.

On 26/10/12, Rory Campbell-Lange (rory@campbell-lange.net) wrote:
> This is pretty serious and could easily cause some server hacks.
> 
> Can we upgrade mail servers for just this issue more or less
> immediately? Please let me know what the status of the mailscanner
> server is.
> 
> Rory
> 
> On 26/10/12, Nico Golde (nion@debian.org) wrote:
> > -------------------------------------------------------------------------
> > Debian Security Advisory DSA-2566-1                   security@debian.org
> > http://www.debian.org/security/                                Nico Golde
> > October 25, 2012                       http://www.debian.org/security/faq
> > -------------------------------------------------------------------------
> > 
> > Package        : exim4
> > Vulnerability  : heap-based buffer overflow
> > Problem type   : remote
> > Debian-specific: no
> > CVE ID         : CVE-2012-5671
> > 
> > It was discovered that Exim, a mail transport agent, is not properly
> > handling the decoding of DNS records for DKIM.  Specifically, crafted
> > records can yield to a heap-based buffer overflow.  An attacker can
> > exploit this flaw to execute arbitrary code.
> > 
> > For the stable distribution (squeeze), this problem has been fixed in
> > version 4.72-6+squeeze3.
> > 
> > For the testing distribution (wheezy), this problem has been fixed in
> > version 4.80-5.1.
> > 
> > For the unstable distribution (sid), this problem has been fixed in
> > version 4.80-5.1.
> > 
> > 
> > We recommend that you upgrade your exim4 packages.
> > 
> > Further information about Debian Security Advisories, how to apply
> > these updates to your system and frequently asked questions can be
> > found at: http://www.debian.org/security/
> > 
> > Mailing list: debian-security-announce@lists.debian.org
> > 
> > 
> > 
> > -- 
> > To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> > Archive: http://lists.debian.org/20121026101520.GA31943@ngolde.de
> > 
> 
> -- 
> Rory Campbell-Lange
> rory@campbell-lange.net
> 
> Campbell-Lange Workshop
> www.campbell-lange.net
> 0207 6311 555
> 3 Tottenham Street London W1T 2AF
> Registered in England No. 04551928

-- 
Rory Campbell-Lange
rory@campbell-lange.net

Campbell-Lange Workshop
www.campbell-lange.net
0207 6311 555
3 Tottenham Street London W1T 2AF
Registered in England No. 04551928
