On Mon, Oct 15, 2007 at 11:31:39AM +1000, Voytek Eymont wrote:
> I saw on the amavis list that my present file had vulnerability, so I

How do you know that for sure? e.g. the vulnerabilities list says that 4.10 has a vulnerability, but many (most? all?) distros backport security fixes to older versions and then re-release.

You haven't mentioned what distro or version you're using so I am going to guess Centos4 going from your past posts. So let's have a look at the changelog of the latest rpm:

    wget http://isoredirect.centos.org/centos/4/updates/i386/RPMS/file-4.10-3.0.2.el4.i386.rpm
    rpm -q --changelog -p file-4.10-3.0.2.el4.i386.rpm |less

As expected, it does have security fixes backported, namely

    CVE-2007-2799 file integer overflow
    CVE-2007-1536 heap overflow

And checking with the latest versions of file from fedora6 and fedora7 we see that exactly the same two vulnerabilities are fixed there too.

So I _strongly_ suspect that all you have to do is 'yum update' and you're fixed, if you're not already.

Matt
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
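The changelog check described in the message above, turned into a repeatable test (an added example, not part of the original post). The function name missing_cves, the sample changelog entries and the placeholder id CVE-2099-0001 are constructed for illustration; only the two CVE ids and the package version come from the message.

```shell
#!/bin/sh
# missing_cves (hypothetical helper): read an RPM changelog on stdin and print
# every CVE id passed as an argument that the changelog does NOT mention.
# Returns 0 when all requested ids are present, 1 otherwise.
missing_cves() {
    # Unique CVE ids mentioned anywhere in the changelog text.
    found=$(grep -oE 'CVE-[0-9]{4}-[0-9]{4,}' | sort -u)
    status=0
    for cve in "$@"; do
        # -x: whole-line match, -F: fixed string, so ids are compared exactly.
        if ! printf '%s\n' "$found" | grep -qxF "$cve"; then
            printf '%s\n' "$cve"
            status=1
        fi
    done
    return $status
}

# Constructed sample changelog (dates and packager are made up) so the
# example runs without rpm installed.
sample_changelog() {
cat <<'EOF'
* Thu May 31 2007 Example Packager <packager@example.invalid> 4.10-3.0.2
- fix file integer overflow (CVE-2007-2799)

* Tue Mar 20 2007 Example Packager <packager@example.invalid> 4.10-3.0.1
- fix heap overflow (CVE-2007-1536)
EOF
}

# On a real system, feed the installed package's changelog instead:
#   rpm -q --changelog file | missing_cves CVE-2007-2799 CVE-2007-1536
sample_changelog | missing_cves CVE-2007-2799 CVE-2007-1536 \
    && echo "all listed fixes are present in the changelog"
```

A scanner that flags the package on its upstream version number alone (4.10) cannot see these backports; comparing the advisory's CVE ids against the package changelog is what settles it.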
