Hi,

Please do not copy and paste the contents of the README.Debian file. It is redundant information and significantly adds to the work of translators for each supported language.
Seiji (11/01/30 19:41), Stefan Fritsch -san wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - ------------------------------------------------------------------------
> Debian Security Advisory DSA-2154-1                   secur...@debian.org
> http://www.debian.org/security/                           Stefan Fritsch
> January 30, 2011                       http://www.debian.org/security/faq
> - ------------------------------------------------------------------------
>
> Package          : exim4
> Vulnerability    : privilege escalation
> Problem type     : local
> CVE Id(s)        : CVE-2010-4345 CVE-2011-0017
> Behaviour change : yes
>
> A design flaw (CVE-2010-4345) in exim4 allowed the local Debian-exim
> user to obtain root privileges by specifying an alternate
> configuration file using the -C option or by using the macro override
> facility (-D option). Unfortunately, fixing this vulnerability is not
> possible without some changes in exim4's behaviour. If you use the -C
> or -D options or use the system filter facility, you should evaluate
> the changes carefully and adjust your configuration accordingly. The
> Debian default configuration is not affected by the changes.
>
> The detailed list of changes is described in the NEWS.Debian file in
> the packages. The relevant sections are also reproduced below.
>
> In addition to that, missing error handling for the setuid/setgid
> system calls allowed the Debian-exim user to cause root to append
> log data to arbitrary files (CVE-2011-0017).
>
> For the stable distribution (lenny), these problems have been fixed in
> version 4.69-9+lenny3.
>
> For the testing distribution (squeeze) and the unstable distribution
> (sid), these problems have been fixed in version 4.72-4.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
>
> - ------------------------------------------------------------------------
> Excerpt from the NEWS.Debian file from the packages exim4-daemon-light
> and exim4-daemon-heavy:
>
> Exim versions up to and including 4.72 are vulnerable to
> CVE-2010-4345. This is a privilege escalation issue that allows the
> exim user to gain root privileges by specifying an alternate
> configuration file using the -C option. The macro override facility
> (-D) might also be misused for this purpose.
>
> In reaction to this security vulnerability upstream has made a number
> of user visible changes. This package includes these changes.
>
> If exim is invoked with the -C or -D option the daemon will not regain
> root privileges through re-execution. This is usually necessary for
> local delivery, though. Therefore it is generally not possible anymore
> to run an exim daemon with -D or -C options.
>
> However this version of exim has been built with
> TRUSTED_CONFIG_LIST=/etc/exim4/trusted_configs. TRUSTED_CONFIG_LIST
> defines a list of configuration files which are trusted; if a config
> file is owned by root and matches a pathname in the list, then it may
> be invoked by the Exim build-time user without Exim relinquishing root
> privileges.
>
> As a hotfix to not break existing installations of mailscanner we have
> also set WHITELIST_D_MACROS=OUTGOING, i.e. it is still possible to
> start exim with -DOUTGOING while being able to do local deliveries.
>
> If you previously were using -D switches you will need to change your
> setup to use a separate configuration file. The ".include" mechanism
> makes this easy.
>
> The system filter is run as exim_user instead of root by default. If
> your setup requires root privileges when running the system filter you
> will need to set the system_filter_user exim main configuration
> option.
> - ------------------------------------------------------------------------
>
> Mailing list: debian-security-annou...@lists.debian.org
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iD8DBQFNRUAWbxelr8HyTqQRAnoKAJ9yvfLsBBM+zDddAF0Bg1PRknw1vQCgoL4q
> GRsuFBCpLRszeIrSYf6rIjk=
> =6Cy/
> -----END PGP SIGNATURE-----
>

-- 
Seiji Kaneko
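The NEWS.Debian excerpt quoted above describes two things an administrator has to get right after this update: a configuration passed with -C is only trusted when its exact pathname appears in /etc/exim4/trusted_configs and the file is owned by root, and a setup that used to rely on -D macros is meant to move to a separate configuration file that pulls the shared one in with ".include". The script below is an added example, not code from the advisory, the list post or the exim4 package: it reproduces that trust rule as a checkable function and builds a constructed layout in a temporary directory (the file names, the OUTGOING macro value and the primary_hostname line are all made up for the demonstration; the real list lives at /etc/exim4/trusted_configs).

```shell
#!/bin/sh
# Added example: mirrors the TRUSTED_CONFIG_LIST rule from the NEWS.Debian
# excerpt. A config path is trusted only if it is listed verbatim in the
# list file AND the config file itself is owned by root (uid 0).
# Everything is built under mktemp -d; nothing touches /etc/exim4.

# is_trusted_config LIST_FILE CONFIG_PATH
# Exit status 0 = trusted, 1 = untrusted; the reason is printed on stdout.
is_trusted_config() {
    list="$1"
    cfg="$2"
    # Exim compares the pathname exactly (-F fixed string, -x whole line):
    # a relative spelling or a symlink to the same file does not match.
    if ! grep -Fxq -- "$cfg" "$list" 2>/dev/null; then
        echo "untrusted: $cfg is not listed in $list"
        return 1
    fi
    if [ ! -f "$cfg" ]; then
        echo "untrusted: $cfg does not exist"
        return 1
    fi
    owner=$(stat -c %u -- "$cfg")          # GNU stat; numeric owner uid
    if [ "$owner" != "0" ]; then
        echo "untrusted: $cfg is owned by uid $owner, not root"
        return 1
    fi
    echo "trusted: $cfg"
    return 0
}

# setup_demo: create a constructed layout and print its directory.
#   exim4.conf           shared configuration (constructed, not a real one)
#   exim4-outgoing.conf  replaces the former "exim -DOUTGOING" invocation by
#                        defining the macro in a file and .include-ing the
#                        shared config, as the excerpt recommends
#   trusted_configs      list naming only exim4-outgoing.conf
setup_demo() {
    dir=$(mktemp -d)
    cat > "$dir/exim4.conf" <<'EOF'
# shared configuration (constructed example content)
primary_hostname = mail.example.test
EOF
    cat > "$dir/exim4-outgoing.conf" <<EOF
# stands in for the old "-DOUTGOING" command-line macro
OUTGOING = 1
.include $dir/exim4.conf
EOF
    printf '%s\n' "$dir/exim4-outgoing.conf" > "$dir/trusted_configs"
    echo "$dir"
}

# Stand-alone run: show both the rejected and the listed path.
if [ "${0##*/}" != "sh" ] && [ -z "${TRUSTED_CONFIG_DEMO_NO_MAIN:-}" ]; then
    demo=$(setup_demo)
    is_trusted_config "$demo/trusted_configs" "$demo/exim4.conf" || true
    is_trusted_config "$demo/trusted_configs" "$demo/exim4-outgoing.conf" || true
    rm -rf -- "$demo"
fi
```

Run as an unprivileged user the second check reports the file as owned by a non-root uid, which is exactly the case the excerpt describes: being listed is not enough, the file must also be root-owned, otherwise Exim drops root and local delivery stops working. Only when the script runs as root (and the temporary files are therefore uid 0) does the listed path come out as trusted.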