Debian Security Advisory DSA 502-1 security@debian.org
Package : exim-tls

Georgi Guninski discovered two stack-based buffer overflows in exim and exim-tls. They can not be exploited with the default configuration from the Debian system, though. The Common Vulnerabilities and Exposures project identifies the following problems that are fixed with this update:

CAN-2004-0399

    When "sender_verify = true" is configured in exim.conf a buffer overflow can happen during verification of the sender. This problem is fixed in exim 4.

CAN-2004-0400

    When headers_check_syntax is configured in exim.conf a buffer overflow can happen during the header check. This problem does also exist in exim 4.

For the stable distribution (woody) these problems have been fixed in version 3.35-3woody2.

The unstable distribution (sid) does not contain exim-tls anymore. The functionality has been incorporated in the main exim versions which have these problems fixed in version 3.36-11 for exim 3 and in version 4.33-1 for exim 4.

We recommend that you upgrade your exim-tls package.

Upgrade Instructions

wget url
    will fetch the file for you

    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

  Source archives:
    http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody2.dsc

  Alpha architecture:
    http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody2_alpha.deb

  ARM architecture:
    http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody2_arm.deb

  Intel IA-32 architecture:
    http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody2_i386.deb

  Intel IA-64 architecture:
    http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody2_ia64.deb

  HP Precision architecture:
    http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody2_hppa.deb

  Motorola 680x0 architecture:
    http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody2_m68k.deb

  Big endian MIPS architecture:
    http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody2_mips.deb

  Little endian MIPS architecture:
    http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody2_mipsel.deb

  PowerPC architecture:
    http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody2_powerpc.deb

  IBM S/390 architecture:
    http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody2_s390.deb

  Sun Sparc architecture:
    http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody2_sparc.deb

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show
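
The advisory ties each overflow to a specific exim.conf setting, so a host's exposure can be read from its configuration. The following is an added example, not part of the original advisory or of Exim: it reports which of the two options are switched on, assuming Exim's boolean option syntax (bare name, no_/not_ prefix, or = true/yes/false/no) and that main options stop at the first "end" or "begin" line. The sample configuration is constructed.

```python
import re

# Options named in DSA 502-1 and the CVE candidate each one exposes.
RISKY = {"sender_verify": "CAN-2004-0399",
         "headers_check_syntax": "CAN-2004-0400"}

# Constructed sample configuration, not taken from a real host.
SAMPLE = """\
# main section
primary_hostname = mail.example.org
sender_verify = true
no_headers_check_syntax
end
# later section, must be ignored by the audit
headers_check_syntax
"""


def main_section(text):
    """Yield logical lines of the main section (assumed to stop at 'end'/'begin')."""
    pending = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line.startswith("#")):
            continue
        if line.endswith("\\"):  # trailing backslash continues the line
            pending += line[:-1]
            continue
        line, pending = pending + line, ""
        if line == "end" or line.startswith("begin "):
            return
        yield line


def exposed_options(text):
    """Return {option: CAN id} for advisory options that are switched on."""
    state = {}
    for line in main_section(text):
        m = re.match(r"(no_|not_)?(\w+)\s*(?:=\s*(\S+))?$", line)
        if not m or m.group(2) not in RISKY:
            continue
        negated, name, value = m.groups()
        word = (value or "true").lower()
        if word in ("true", "yes", "false", "no"):
            state[name] = not negated and word in ("true", "yes")
    return {name: RISKY[name] for name, on in state.items() if on}


if __name__ == "__main__":
    for name, can_id in exposed_options(SAMPLE).items():
        print(f"{name} is enabled: affected by {can_id} until upgraded")
```

An empty result matches the advisory's statement that the default Debian configuration is not exploitable; upgrading the package is still the fix.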