Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 25 Dec 2016 11:44:10 +0100
From: Heiko Schlittermann <hs@...littermann.de>
To: oss-security@...ts.openwall.com
Subject: CVE-2016-9963 | Exim 4.87.1 released (Was: CVE
 Request - Exim 4.69-4.87) - disclosure of private information)

I've uploaded Exim 4.87.1 to:

    ftp://ftp.exim.org/pub/exim/exim4/old/
    git://git.exim.org/exim.git (tag exim-4_87_1)

Whilst this release is superseeded by 4.88 already, you're urged
to upgrade to 4.87.1, if 4.88 isn't an option for you yet.

No features are added or removed. This release contains
just a fix for CVE-2016-9963

    - Fix CVE-2016-9963 - Info leak from DKIM.  When signing DKIM, if
      either LMTP or PRDR was used for delivery, the key could appear in
      logs.  Additionally, if the experimental feature "DSN_INFO" was used,
      it could appear in DSN messages (and be sent offsite).

For details about the CVE please see

    https://exim.org/static/doc/CVE-2016-9963.txt

The release files for 4.87.1 are signed with the PGP key 0xF69376CE,
which has a uid "Heiko Schlittermann (HS12-RIPE) <hs@...littermann.de>".
Please use your own discretion in assessing what trust paths you might
have to this uid.

In case on any problems please contact us on exim-users@...m.org
or on the IRC channel #exim at freenode.

Sorry for the release date.

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ