• [SECURITY] [DSA 2566-1] exim4 security update

    From Nico Golde@1:229/2 to All on Fri Oct 26 12:20:01 2012
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-2566-1                        [email protected]
    http://www.debian.org/security/                                Nico Golde
    October 25, 2012                       http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : exim4
    Vulnerability : heap-based buffer overflow
    Problem type : remote
    Debian-specific: no
    CVE ID : CVE-2012-5671

    It was discovered that Exim, a mail transport agent, is not properly
    handling the decoding of DNS records for DKIM. Specifically, crafted
    records can yield to a heap-based buffer overflow. An attacker can
    exploit this flaw to execute arbitrary code.

    For the stable distribution (squeeze), this problem has been fixed in
    version 4.72-6+squeeze3.

    For the testing distribution (wheezy), this problem has been fixed in
    version 4.80-5.1.

    For the unstable distribution (sid), this problem has been fixed in
    version 4.80-5.1.


    We recommend that you upgrade your exim4 packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.12 (GNU/Linux)

    iEYEARECAAYFAlCKYrgACgkQHYflSXNkfP+/nwCeIN7ZAsHG/zXm3DpBcI/5rrhY 8hsAn3F0AzTH5wLvICpTM6InEny5vuCy
    =T8xi
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected]
    Archive: http://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)
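
The fixed versions listed in the advisory above can be checked against an inventory of installed exim4 package versions. The following is an added example, not part of the original advisory or thread: it implements Debian's version ordering (where `4.72-6` sorts below `4.72-6+squeeze3`, which a plain string comparison gets wrong) and applies it to the three suites named in DSA-2566-1. The function names and the sample host inventory are hypothetical.

```python
import re

# Fixed versions per suite, as stated in DSA-2566-1.
FIXED = {"squeeze": "4.72-6+squeeze3", "wheezy": "4.80-5.1", "sid": "4.80-5.1"}

def _order(ch):
    """dpkg character weight: '~' lowest, then letters, then everything else."""
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _part_key(part):
    """Key for an upstream or revision string: alternating text and numeric runs."""
    key = []
    for text, digits in re.findall(r"(\D*)(\d*)", part):
        key.append([_order(c) for c in text] + [0])  # 0 = end of the text run
        key.append(int(digits or 0))
    return key

def deb_key(version):
    """Sort key for a Debian version string [epoch:]upstream[-revision]."""
    head, colon, tail = version.partition(":")
    epoch, rest = (int(head), tail) if colon else (0, version)
    upstream, dash, revision = rest.rpartition("-")
    if not dash:                      # native version without a revision
        upstream, revision = rest, "0"
    return (epoch, _part_key(upstream), _part_key(revision))

def is_patched(installed, suite):
    """True if the installed exim4 version is at or above the DSA fix for suite."""
    return deb_key(installed) >= deb_key(FIXED[suite])

if __name__ == "__main__":
    # Constructed sample inventory (host, suite, installed exim4 version).
    hosts = [("mx1", "squeeze", "4.72-6+squeeze2"),
             ("mx2", "squeeze", "4.72-6+squeeze3"),
             ("mx3", "wheezy", "4.80-5")]
    for host, suite, ver in hosts:
        print(host, ver, "patched" if is_patched(ver, suite) else "VULNERABLE")
```

On a Debian host itself, `dpkg --compare-versions` performs the same comparison against the version reported by `dpkg-query -W exim4`.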
  • From Rory Campbell-Lange@1:229/2 to Nico Golde on Fri Oct 26 13:20:02 2012
    XPost: linux.debian.security
    From: [email protected]

    This is pretty serious and could easily cause some server hacks.

    Can we upgrade mail servers for just this issue more or less
    immediately? Please let me know what the status of the mailscanner
    server is.

    Rory

    --
    Rory Campbell-Lange
    [email protected]

    Campbell-Lange Workshop
    www.campbell-lange.net
    0207 6311 555
    3 Tottenham Street London W1T 2AF
    Registered in England No. 04551928


  • From Rory Campbell-Lange@1:229/2 to Rory Campbell-Lange on Fri Oct 26 13:20:02 2012
    XPost: linux.debian.security
    From: [email protected]

    I've just updated the clw server.

    --
    Rory Campbell-Lange
    [email protected]

    Campbell-Lange Workshop
    www.campbell-lange.net
    0207 6311 555
    3 Tottenham Street London W1T 2AF
    Registered in England No. 04551928

