|
|
|
Choosing A Webhost: |
[USN-56-1] exim4 vulnerabilities: msg#00002linux.ubuntu.security.announce
=========================================================== Ubuntu Security Notice USN-56-1 January 07, 2005 exim4 vulnerabilities CAN-2005-0021, CAN-2005-0022 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: exim4-daemon-heavy exim4-daemon-light The problem can be corrected by upgrading the affected package to version 4.34-5ubuntu1.1. In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: A flaw has been found in the host_aton() function, which can overflow a buffer if it is presented with an illegal IPv6 address that has more than 8 components. When supplying certain command line parameters, the input was not checked, so that a local attacker could possibly exploit the buffer overflow to run arbitrary code with the privileges of the Exim mail server. (CAN-2005-0021) Additionally, the BASE64 decoder in the SPA authentication handler did not check the size of its output buffer. By sending an invalid BASE64 authentication string, a remote attacker could overflow the buffer, which could possibly be exploited to run arbitrary code with the privileges of the Exim mail server. (CAN-2005-0022) Source archives: http://security.ubuntu.com/ubuntu/pool/main/e/exim4/exim4_4.34-5ubuntu1.1.diff.gz Size/MD5: 463699 cdb8d46e351c34fc1f89536fdae343da http://security.ubuntu.com/ubuntu/pool/main/e/exim4/exim4_4.34-5ubuntu1.1.dsc Size/MD5: 1080 864fe588fae6035a5e258f5c04cf7dab http://security.ubuntu.com/ubuntu/pool/main/e/exim4/exim4_4.34.orig.tar.gz Size/MD5: 1717473 acdf7117f18b71702d4da284b1263275 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/e/exim4/exim4-config_4.34-5ubuntu1.1_all.deb Size/MD5: 171766 9c845bd86beaee3d52c42c813b1ad032 http://security.ubuntu.com/ubuntu/pool/universe/e/exim4/exim4_4.34-5ubuntu1.1_all.deb Size/MD5: 1200 5cd02a62d88ba49c5df8008938ef4f65 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/e/exim4/exim4-base_4.34-5ubuntu1.1_amd64.deb Size/MD5: 787866 e748245e594745259b3708545aa6c4b1 http://security.ubuntu.com/ubuntu/pool/main/e/exim4/exim4-daemon-heavy_4.34-5ubuntu1.1_amd64.deb Size/MD5: 431982 a3027eeb99010ec3fbbd9ed8d7602c6b http://security.ubuntu.com/ubuntu/pool/main/e/exim4/exim4-daemon-light_4.34-5ubuntu1.1_amd64.deb Size/MD5: 360702 407afc6744039f296993d4a0b0d07203 http://security.ubuntu.com/ubuntu/pool/universe/e/exim4/eximon4_4.34-5ubuntu1.1_amd64.deb Size/MD5: 73474 22e6e191c1a624555ddcb0dbef570398 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/e/exim4/exim4-base_4.34-5ubuntu1.1_i386.deb Size/MD5: 784452 20baa66e23f89210828da736e978dcf2 http://security.ubuntu.com/ubuntu/pool/main/e/exim4/exim4-daemon-heavy_4.34-5ubuntu1.1_i386.deb Size/MD5: 406080 0fca8d0a724c1028847e4770640abd00 http://security.ubuntu.com/ubuntu/pool/main/e/exim4/exim4-daemon-light_4.34-5ubuntu1.1_i386.deb Size/MD5: 336978 b479636f03f2f370443109e7d69a8a4b http://security.ubuntu.com/ubuntu/pool/universe/e/exim4/eximon4_4.34-5ubuntu1.1_i386.deb Size/MD5: 69218 e230f352300632a19d0f36ef8c4b6ca7 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/e/exim4/exim4-base_4.34-5ubuntu1.1_powerpc.deb Size/MD5: 792338 4f59dfd48441b4ba58cf7379278b5414 http://security.ubuntu.com/ubuntu/pool/main/e/exim4/exim4-daemon-heavy_4.34-5ubuntu1.1_powerpc.deb Size/MD5: 437952 7c0e3eb42f5aaf21c56571e4ce76e863 http://security.ubuntu.com/ubuntu/pool/main/e/exim4/exim4-daemon-light_4.34-5ubuntu1.1_powerpc.deb Size/MD5: 364814 d89db8c70e78070c8cad5e64e99702ab http://security.ubuntu.com/ubuntu/pool/universe/e/exim4/eximon4_4.34-5ubuntu1.1_powerpc.deb Size/MD5: 74848 6e9f16cbaf431df8412748c98ba2561b
|
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | [USN-54-1] TIFF library tool vulnerability, Martin Pitt |
|---|---|
| Next by Date: | [USN-57-1] Linux kernel vulnerabilities, Martin Pitt |
| Previous by Thread: | [USN-54-1] TIFF library tool vulnerability, Martin Pitt |
| Next by Thread: | [USN-57-1] Linux kernel vulnerabilities, Martin Pitt |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
Free MagazinesCisco NewsReceive a free quarterly e-newsletter with exclusive articles on how Cisco IT uses its own products and solutions to enable the business. subscribe Systems Management News, the newspaper for IT systems administration and data center managers! Each issue of Systems Management News is chock-full of news and analysis to help you understand what's happening in your field. subscribe The Enterprise Newsweekly eWeek is the essential technology information source for builders of e-business. subscribe Oracle Magazine Oracle Magazine contains technology strategy articles, sample code, tips, Oracle and partner news, how to articles for developers and DBAs, and more. Oracle (NASDAQ: ORCL) is the world's largest enterprise software company. subscribe Total Telecom Total Telecom is "The Economist of the communications industry". subscribe |
