Mark Martinec schrieb: > My guess is that you are bitten by a Linux regexp library problem, > triggered by the file(1) utility (it doesn't affect for example FreeBSD > with the same version of a file utility). It has been discussed before > on this ML. Also mentioned in: http://www.amavis.org/security/asa-2007-3.txt > in section 4.
Hi Mark, thanks for your answer! file is 4.17-5etch2 - which is not 4.21, but Debian people should have backported all relevant fixes as of my /usr/share/doc/file/changelog.Debian: > file (4.17-5etch1) testing-security; urgency=high > > * Applied patch from upstream to src/file.h, src/funcs.c and > src/magic.c to fix integer underflow in file_printf which can > lead to to exploitable heap overflow CVE-2007-1536 (Closes: > #415362, #416678). Cheers, Thomas ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ AMaViS-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
