I've just updated the clw server. On 26/10/12, Rory Campbell-Lange (r...@campbell-lange.net) wrote: > This is pretty serious and could easily cause some server hacks. > > Can we upgrade mail servers for just this issue more or less > immediately? Please let me know what the status of the mailscanner > server is. > > Rory > > On 26/10/12, Nico Golde (n...@debian.org) wrote: > > ------------------------------------------------------------------------- > > Debian Security Advisory DSA-2566-1 secur...@debian.org > > http://www.debian.org/security/ Nico Golde > > October 25, 2012 http://www.debian.org/security/faq > > ------------------------------------------------------------------------- > > > > Package : exim4 > > Vulnerability : heap-based buffer overflow > > Problem type : remote > > Debian-specific: no > > CVE ID : CVE-2012-5671 > > > > It was discovered that Exim, a mail transport agent, is not properly > > handling the decoding of DNS records for DKIM. Specifically, crafted > > records can yield to a heap-based buffer overflow. An attacker can > > exploit this flaw to execute arbitrary code. > > > > For the stable distribution (squeeze), this problem has been fixed in > > version 4.72-6+squeeze3. > > > > For the testing distribution (wheezy), this problem has been fixed in > > version 4.80-5.1. > > > > For the unstable distribution (sid), this problem has been fixed in > > version 4.80-5.1. > > > > > > We recommend that you upgrade your exim4 packages. > > > > Further information about Debian Security Advisories, how to apply > > these updates to your system and frequently asked questions can be > > found at: http://www.debian.org/security/ > > > > Mailing list: debian-security-annou...@lists.debian.org > > > > > > > > -- > > To UNSUBSCRIBE, email to debian-security-announce-requ...@lists.debian.org > > with a subject of "unsubscribe". Trouble? Contact > > listmas...@lists.debian.org > > Archive: http://lists.debian.org/20121026101520.ga31...@ngolde.de > > > > -- > Rory Campbell-Lange > r...@campbell-lange.net > > Campbell-Lange Workshop > www.campbell-lange.net > 0207 6311 555 > 3 Tottenham Street London W1T 2AF > Registered in England No. 04551928
-- Rory Campbell-Lange r...@campbell-lange.net Campbell-Lange Workshop www.campbell-lange.net 0207 6311 555 3 Tottenham Street London W1T 2AF Registered in England No. 04551928 -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20121026103904.gc6...@campbell-lange.net