[USN-1130-1] Exim vulnerability
==========================================================================
Ubuntu Security Notice USN-1130-1
May 10, 2011
exim4 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
Exim could be made to run arbitrary code under some conditions.
Software Description:
- exim4: Exim mail transfer agent
Details:
It was discovered that the Exim daemon did not correctly handle format
strings in DKIM headers. An unauthenticated remote attacker could send
a specially crafted email to run arbitrary code as the Exim user. The
default compiler options for affected releases reduce the vulnerability
to a denial of service under most conditions.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.04:
exim4-daemon-custom 4.74-1ubuntu1.1
exim4-daemon-heavy 4.74-1ubuntu1.1
exim4-daemon-light 4.74-1ubuntu1.1
Ubuntu 10.10:
exim4-daemon-custom 4.72-1ubuntu1.2
exim4-daemon-heavy 4.72-1ubuntu1.2
exim4-daemon-light 4.72-1ubuntu1.2
Ubuntu 10.04 LTS:
exim4-daemon-custom 4.71-3ubuntu1.2
exim4-daemon-heavy 4.71-3ubuntu1.2
exim4-daemon-light 4.71-3ubuntu1.2
In general, a standard system update will make all the necessary changes.
References:
CVE-2011-1764
Package Information:
https://launchpad.net/ubuntu/+source/exim4/4.74-1ubuntu1.1
https://launchpad.net/ubuntu/+source/exim4/4.72-1ubuntu1.2
https://launchpad.net/ubuntu/+source/exim4/4.71-3ubuntu1.2