Re: [AMaViS-user] AMaViS Security Announcement ASA-2007-1: exploitable security vulnerability in file(1) utility

On Fri, Mar 23, 2007 at 05:22:35PM +0100, Mark Martinec wrote: > > 1. Problem description > A security issue (integer underflow) in the GNU file(1) utility can > lead to a heap overflow. > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536 > http://mx.gw.com/pipermail/file/2007/000161.ht

Re: [AMaViS-user] AMaViS Security Announcement ASA-2007-1:exploitablesecurity vulnerability in file(1) utility

- Original Message - From: "Anders Norrbring" <[EMAIL PROTECTED]> To: Sent: Tuesday, March 27, 2007 7:12 PM Subject: Re: [AMaViS-user] AMaViS Security Announcement ASA-2007-1:exploitablesecurity vulnerability in file(1) utility > MrC skrev: >>> Leon, >>> Is there any file 4.20 or

Re: [AMaViS-user] AMaViS Security Announcement ASA-2007-1:exploitablesecurity vulnerability in file(1) utility

On Tue, 27 Mar 2007, MrC wrote: > >> Leon, >> >>> Is there any file 4.20 or newer src.rpm for SuSE? >>> I've tried to google but didn't find any :( >> >> ftp://ftp.astron.com/pub/file/ >> >> ./configure; make; make install >> >> Mark > > Just a cautionary note... > > Self-builds may cause proble

Re: [AMaViS-user] AMaViS Security Announcement ASA-2007-1:exploitablesecurity vulnerability in file(1) utility

MrC skrev: >> Leon, >> >>> Is there any file 4.20 or newer src.rpm for SuSE? >>> I've tried to google but didn't find any :( >> ftp://ftp.astron.com/pub/file/ >> >> ./configure; make; make install >> >> Mark For SUSE, ./configure --prefix=/usr, then make and make install Anders. > > Just a c

Re: [AMaViS-user] AMaViS Security Announcement ASA-2007-1:exploitablesecurity vulnerability in file(1) utility

> Leon, > > > Is there any file 4.20 or newer src.rpm for SuSE? > > I've tried to google but didn't find any :( > > ftp://ftp.astron.com/pub/file/ > > ./configure; make; make install > > Mark Just a cautionary note... Self-builds may cause problems for some installations. The default inst

[AMaViS-user] amavisd in other languages?

Hi there! Can I have amavisd send notifications in other languages other than English (i.e, is there a localization project for amavisd?) TIA, Ignacio - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.n

Re: [AMaViS-user] AMaViS Security Announcement ASA-2007-1: exploitablesecurity vulnerability in file(1) utility

Julio, > Its necessary to patch "patch-4.20-REG_STARTEND > " ? No. It covers for missing REG_STARTEND flag/functionality in a system's REGEX(3) library (probably with some old OS versions). Mark --

Re: [AMaViS-user] AMaViS Security Announcement ASA-2007-1: exploitablesecurity vulnerability in file(1) utility

Leon, > Is there any file 4.20 or newer src.rpm for SuSE? > I've tried to google but didn't find any :( ftp://ftp.astron.com/pub/file/ ./configure; make; make install Mark - Take Surveys. Earn Cash. Influence the Future

Re: [AMaViS-user] no module: Mail::SpamAssassin::Plugin::URIDetail

Frank, > in the logfile from amavisd-new 2.4.5 found this messages: > INFO: no optional modules: Mail::SpamAssassin::Plugin::URIDetail > In Cpan or in the source from SpamAssassin 3.1.8 found not the Module. You may ignore the message. The Mail::SpamAssassin::Plugin::URIDetail appeared in January

Re: [AMaViS-user] AMaViS Security Announcement ASA-2007-1:exploitable security vulnerability in file(1) utility

Michael, > Is the stock on on FBSD vulnerable? So it appears. It is 4.12, and there were no other significant changes in funcs.c/file_printf up to 4.19, the real change is only in 4.20. Mark - Take Surveys. Earn Cash. Inf

[AMaViS-user] no module: Mail::SpamAssassin::Plugin::URIDetail

Hallo, in the logfile from amavisd-new 2.4.5 found this messages: INFO: no optional modules: Mail::SpamAssassin::Plugin::URIDetail In Cpan or in the source from SpamAssassin 3.1.8 found not the Module. Can I help you. Thanks. -- Frank Patzig

Re: [AMaViS-user] AMaViS Security Announcement ASA-2007-1: exploitable security vulnerability in file(1) utility

On 3/27/07, Mark Martinec <[EMAIL PROTECTED]> wrote: > > alex, > > > > Vulnerability: file utility > > > Priority: urgent > > > Solution: update to file 4.20 or later > > > Is FreeBSD affected or is the BSD file not same as GNU file? > > The version from ports (

Re: [AMaViS-user] AMaViS Security Announcement ASA-2007-1:exploitable security vulnerability in file(1) utility

> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf > Of Mark Martinec > Sent: Tuesday, March 27, 2007 6:51 AM > To: amavis-user@lists.sourceforge.net > Subject: Re: [AMaViS-user] AMaViS Security Announcement > ASA-2007-1:exploitable security vulnerabil

Re: [AMaViS-user] AMaViS Security Announcement ASA-2007-1: exploitable security vulnerability in file(1) utility

alex, > > Vulnerability: file utility > > Priority: urgent > > Solution: update to file 4.20 or later > Is FreeBSD affected or is the BSD file not same as GNU file? The version from ports (sysutils/file) is 4.20 (since 2007-03-03) but you need to install it.

Re: [AMaViS-user] AMaViS Security Announcement ASA-2007-1: exploitablesecurity vulnerability in file(1) utility

> > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > == > = > AMaViS Security Announcement > > Date: 2007-03-23 > affected version(s):amavis, amavisd, amavisd-new, amavis-ng >

Re: [AMaViS-user] AMaViS Security Announcement ASA-2007-1: exploitable security vulnerability in file(1) utility

On 3/23/07, Mark Martinec <[EMAIL PROTECTED]> wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > > === > AMaViS Security Announcement > > Date: 2007-03-23 > affected version