Re: [SECURITY] [DSA 2566-1] exim4 security update
I've just updated the clw server.
On 26/10/12, Rory Campbell-Lange (rory@campbell-lange.net) wrote:
> This is pretty serious and could easily cause some server hacks.
>
> Can we upgrade mail servers for just this issue more or less
> immediately? Please let me know what the status of the mailscanner
> server is.
>
> Rory
>
> On 26/10/12, Nico Golde (nion@debian.org) wrote:
> > -------------------------------------------------------------------------
> > Debian Security Advisory DSA-2566-1 security@debian.org
> > http://www.debian.org/security/ Nico Golde
> > October 25, 2012 http://www.debian.org/security/faq
> > -------------------------------------------------------------------------
> >
> > Package : exim4
> > Vulnerability : heap-based buffer overflow
> > Problem type : remote
> > Debian-specific: no
> > CVE ID : CVE-2012-5671
> >
> > It was discovered that Exim, a mail transport agent, is not properly
> > handling the decoding of DNS records for DKIM. Specifically, crafted
> > records can yield to a heap-based buffer overflow. An attacker can
> > exploit this flaw to execute arbitrary code.
> >
> > For the stable distribution (squeeze), this problem has been fixed in
> > version 4.72-6+squeeze3.
> >
> > For the testing distribution (wheezy), this problem has been fixed in
> > version 4.80-5.1.
> >
> > For the unstable distribution (sid), this problem has been fixed in
> > version 4.80-5.1.
> >
> >
> > We recommend that you upgrade your exim4 packages.
> >
> > Further information about Debian Security Advisories, how to apply
> > these updates to your system and frequently asked questions can be
> > found at: http://www.debian.org/security/
> >
> > Mailing list: debian-security-announce@lists.debian.org
> >
> >
> >
> > --
> > To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> > Archive: http://lists.debian.org/20121026101520.GA31943@ngolde.de
> >
>
> --
> Rory Campbell-Lange
> rory@campbell-lange.net
>
> Campbell-Lange Workshop
> www.campbell-lange.net
> 0207 6311 555
> 3 Tottenham Street London W1T 2AF
> Registered in England No. 04551928
--
Rory Campbell-Lange
rory@campbell-lange.net
Campbell-Lange Workshop
www.campbell-lange.net
0207 6311 555
3 Tottenham Street London W1T 2AF
Registered in England No. 04551928
Reply to: