Date: Sat, 27 Oct 2012 01:39:33 +0400
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Cc: Phil Pennock <pdp@...m.org>
Subject: CVE-2012-5671: Exim <= 4.80 DKIM heap-based buffer overflow

Hi,

Exim 4.80.1 was released earlier today to fix a remotely triggerable
heap-based buffer overflow vulnerability in DKIM support (enabled by
default).

Here's the announcement as posted to the exim-announce list (including
instructions on how DKIM support may be disabled, and download links for
Exim 4.80.1):

https://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html

A few distro tracking/updates URLs:

http://codelabs.ru/fbsd/ports/qa/mail/exim/4.80.1
http://security-tracker.debian.org/tracker/CVE-2012-5671
https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/1071694
https://bugzilla.redhat.com/show_bug.cgi?id=869953
http://www.securityfocus.com/bid/56285

Distro vendors had 1 day of advance notice, which some have made use of.

Alexander