This is pretty serious and could easily cause some server hacks. Can we upgrade mail servers for just this issue more or less immediately? Please let me know what the status of the mailscanner server is.
Rory On 26/10/12, Nico Golde ([email protected]) wrote: > ------------------------------------------------------------------------- > Debian Security Advisory DSA-2566-1 [email protected] > http://www.debian.org/security/ Nico Golde > October 25, 2012 http://www.debian.org/security/faq > ------------------------------------------------------------------------- > > Package : exim4 > Vulnerability : heap-based buffer overflow > Problem type : remote > Debian-specific: no > CVE ID : CVE-2012-5671 > > It was discovered that Exim, a mail transport agent, is not properly > handling the decoding of DNS records for DKIM. Specifically, crafted > records can yield to a heap-based buffer overflow. An attacker can > exploit this flaw to execute arbitrary code. > > For the stable distribution (squeeze), this problem has been fixed in > version 4.72-6+squeeze3. > > For the testing distribution (wheezy), this problem has been fixed in > version 4.80-5.1. > > For the unstable distribution (sid), this problem has been fixed in > version 4.80-5.1. > > > We recommend that you upgrade your exim4 packages. > > Further information about Debian Security Advisories, how to apply > these updates to your system and frequently asked questions can be > found at: http://www.debian.org/security/ > > Mailing list: [email protected] > > > > -- > To UNSUBSCRIBE, email to [email protected] > with a subject of "unsubscribe". Trouble? Contact [email protected] > Archive: http://lists.debian.org/[email protected] > -- Rory Campbell-Lange [email protected] Campbell-Lange Workshop www.campbell-lange.net 0207 6311 555 3 Tottenham Street London W1T 2AF Registered in England No. 04551928 -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
