Date: Sat, 27 Oct 2012 01:39:33 +0400
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Cc: Phil Pennock <pdp@...m.org>
Subject: CVE-2012-5671: Exim <= 4.80 DKIM heap-based buffer overflow

Hi,

Exim 4.80.1 was released earlier today to fix a remotely triggerable
heap-based buffer overflow vulnerability in DKIM support (enabled by
default).  Here's the announcement as posted to the exim-announce list
(including instructions on how DKIM support may be disabled, and
download links for Exim 4.80.1):

https://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html

A few distro tracking/updates URLs:

http://codelabs.ru/fbsd/ports/qa/mail/exim/4.80.1
http://security-tracker.debian.org/tracker/CVE-2012-5671
https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/1071694
https://bugzilla.redhat.com/show_bug.cgi?id=869953
http://www.securityfocus.com/bid/56285

Distro vendors had 1 day of advance notice, which some have made use of.

Alexander
