----- Original Message ----- From: Wichert Akkerman <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, June 10, 2001 6:46 AM Subject: [SECURITY] [DSA-058-1] exim printf format attack > -----BEGIN PGP SIGNED MESSAGE----- > > - ------------------------------------------------------------------------ > Debian Security Advisory DSA-058-1 [EMAIL PROTECTED] > http://www.debian.org/security/ Wichert Akkerman > June 10, 2001 > - ------------------------------------------------------------------------ > > > Package : exim > Problem type : remote printf format attack > Debian-specific: no > > Megyer Laszlo found a printf format bug in the exim mail transfer > agent. The code that checks the header syntax of an email logs > an error without protecting itself against printf format attacks. > > This problem has been fixed in version 3.12-10.1. Since that code is > not turned on by default a standard installation is not vulnerable, > but we still recommend to upgrade your exim package. > > wget url > will fetch the file for you > dpkg -i file.deb > will install the referenced file. > > > Debian GNU/Linux 2.2 alias potato > - --------------------------------- > > Potato was released for alpha, arm, i386, m68k, powerpc and sparc. > > Source archives: > >http://security.debian.org/dists/stable/updates/main/source/exim_3.12-10.1.diff.gz > MD5 checksum: 959d5e70c78dd0f8daf1bcb470d2851a > http://security.debian.org/dists/stable/updates/main/source/exim_3.12-10.1.dsc > MD5 checksum: c3ae78797cc1da77b074b91c80f21fc8 > http://security.debian.org/dists/stable/updates/main/source/exim_3.12.orig.tar.gz > MD5 checksum: 336cd605cb121703af4f22a8c34bb333 > > ARM architecture: > >http://security.debian.org/dists/stable/updates/main/binary-arm/exim_3.12-10.1_arm.deb > MD5 checksum: 8553e97eef733ab850eba6926bead792 > >http://security.debian.org/dists/stable/updates/main/binary-arm/eximon_3.12-10.1_arm.deb > MD5 checksum: 2b56110866983b0bc4828bc0e4b0b7bd > > Alpha architecture: > >http://security.debian.org/dists/stable/updates/main/binary-alpha/exim_3.12-10.1_alpha.deb > MD5 checksum: 5e304c46581e3a1e6278b6a677b8308d > >http://security.debian.org/dists/stable/updates/main/binary-alpha/eximon_3.12-10.1_alpha.deb > MD5 checksum: b01e0f2d7986475eba02c280f5321cf2 > > Intel IA-32 architecture: > >http://security.debian.org/dists/stable/updates/main/binary-i386/exim_3.12-10.1_i386.deb > MD5 checksum: d7e4c6e286fae05abfce28841dc0530e > >http://security.debian.org/dists/stable/updates/main/binary-i386/eximon_3.12-10.1_i386.deb > MD5 checksum: 9dc3b11692b7047fef58c5a8da7741d8 > > Motorola 680x0 architecture: > >http://security.debian.org/dists/stable/updates/main/binary-m68k/exim_3.12-10.1_m68k.deb > MD5 checksum: 56ccf16d58ce07217a12809fca325597 > >http://security.debian.org/dists/stable/updates/main/binary-m68k/eximon_3.12-10.1_m68k.deb > MD5 checksum: 8031e4a9a8a65a63fdc686e81af0b469 > > PowerPC architecture: > >http://security.debian.org/dists/stable/updates/main/binary-powerpc/exim_3.12-10.1_powerpc.deb > MD5 checksum: 925523b2d5cb6aa43d146aec7125d59c > >http://security.debian.org/dists/stable/updates/main/binary-powerpc/eximon_3.12-10.1_powerpc.deb > MD5 checksum: 9fa51619d73061c7c221bb876bf65047 > > Sun Sparc architecture: > >http://security.debian.org/dists/stable/updates/main/binary-sparc/exim_3.12-10.1_sparc.deb > MD5 checksum: b13d02e8d2eb3542c8876f81051e29c7 > >http://security.debian.org/dists/stable/updates/main/binary-sparc/eximon_3.12-10.1_sparc.deb > MD5 checksum: ae8d1ac5b1b228deea25ba8a89c77d21 > > These packages will be moved into the stable distribution on its next > revision. > > For not yet released architectures please refer to the appropriate > directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ . > > - -- > - ---------------------------------------------------------------------------- > apt-get: deb http://security.debian.org/ stable/updates main > dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main > Mailing list: [EMAIL PROTECTED] > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.3ia > Charset: noconv > > iQB1AwUBOyK1W6jZR/ntlUftAQF3FQMAiXkoKRlL5Cvwgcmn1TL2VDvXvtgs/0YG > mvw0B8zMzUk+DfsJl94FC4lB3dclZRQl0O2SNGZbomhgOxhAxumLFUmMqLDcdOj8 > Fxr6SIwKg+cWZyg3PdFGcHk2wXY64JQg > =5FTy > -----END PGP SIGNATURE----- > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- Utk berhenti langganan, kirim email ke [EMAIL PROTECTED] Informasi arsip di http://www.linux.or.id/milis.php3
