Security: Execution of arbitrary commands in exim
Name: Execution of arbitrary commands in exim
ID: USN-1130-1
Distribution: Ubuntu
Platforms: Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04
Date: Wed, May 11, 2011, 06:41
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1764
Applications: exim
Original message
==========================================================================
Ubuntu Security Notice USN-1130-1
May 10, 2011
exim4 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
Exim could be made to run arbitrary code under some conditions.
Software Description:
- exim4: Exim mail transfer agent
Details:
It was discovered that the Exim daemon did not correctly handle format strings in DKIM headers. An unauthenticated remote attacker could send specially crafted email to run arbitrary code as the Exim user. The default compiler options for affected releases reduce the vulnerability to a denial of service under most conditions.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.04:
  exim4-daemon-custom 4.74-1ubuntu1.1
  exim4-daemon-heavy 4.74-1ubuntu1.1
  exim4-daemon-light 4.74-1ubuntu1.1
Ubuntu 10.10:
  exim4-daemon-custom 4.72-1ubuntu1.2
  exim4-daemon-heavy 4.72-1ubuntu1.2
  exim4-daemon-light 4.72-1ubuntu1.2
Ubuntu 10.04 LTS:
  exim4-daemon-custom 4.71-3ubuntu1.2
  exim4-daemon-heavy 4.71-3ubuntu1.2
  exim4-daemon-light 4.71-3ubuntu1.2
In general, a standard system update will make all the necessary changes.
References:
  CVE-2011-1764
Package Information:
  https://launchpad.net/ubuntu/+source/exim4/4.74-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/exim4/4.72-1ubuntu1.2
  https://launchpad.net/ubuntu/+source/exim4/4.71-3ubuntu1.2