List: oss-security
Subject: [oss-security] CVE-2012-5671: Exim <= 4.80 DKIM heap-based buffer overflow
From: Solar Designer <solar () openwall ! com>
Date: 2012-10-26 21:39:33
Message-ID: 20121026213933.GA16798 () openwall ! com

Hi,

Exim 4.80.1 was released earlier today to fix a remotely triggerable
heap-based buffer overflow vulnerability in DKIM support (enabled by
default). Here's the announcement as posted to the exim-announce list
(including instructions on how DKIM support may be disabled, and
download links for Exim 4.80.1):

https://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html

A few distro tracking/updates URLs:

http://codelabs.ru/fbsd/ports/qa/mail/exim/4.80.1
http://security-tracker.debian.org/tracker/CVE-2012-5671
https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/1071694
https://bugzilla.redhat.com/show_bug.cgi?id=869953
http://www.securityfocus.com/bid/56285

Distro vendors had 1 day of advance notice, which some have made use of.

Alexander