|
|
Subscribe / Log in / New account

Debian alert DLA-1001-1 (exim4)



From:
    	      Lucas Kanashiro <kanashiro@debian.org> 


To:
    	      debian-lts-announce@lists.debian.org 


Subject:
    	      [SECURITY] [DLA 1001-1] exim4 security update 


Date:
    	      Sat, 24 Jun 2017 22:33:19 -0300


Message-ID:
    	      <20170625013314.33vo5zqgwmf3uiwc@riseup.net>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : exim4
Version        : 4.80-7+deb7u5
CVE ID         : CVE-2017-1000369

Exim supports the use of multiple "-p" command line arguments which are
malloc()'ed and never free()'ed, used in conjunction with other issues allows
attackers to cause arbitrary code execution.

For Debian 7 "Wheezy", these problems have been fixed in version
4.80-7+deb7u5.

We recommend that you upgrade your exim4 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEjtbD+LrJ23/BMKhw+COicpiDyXwFAllPD+sACgkQ+COicpiD
yXzf7w//Zr2yuuRVRGuQIx+OyEjBT7p+DALs54UbbCjOXVDYmbvl+CcNxu7cxPZt
kbksx4hii5JtOWrQaIFOL9wyo4O3kpneWpbDL/EplFBqkfZvcgdYhqQjFtQuHwq+
oEUIVdyxZTRpyP3pExcmDmrSXGE9T5uBDXKVpt8FikvAXMgaIdfbXFV/xatkqVXM
vJRJup7cu8geJgxUz0dQ7uillRBVqpAU972xNx0yMswJV8D3zaF5SGUOWQ39zHfH
G/pvshELwhPv4QXCUP2Xqek0ljk3TxiNcNINDhvwCoBvWd+SRDl6d4PnsIzWD4lz
BQh4fprWg3b8XpXZFDu/5zqjt7sP5eSd+7FxP6x11o8hb4T0FlfZG1l/75I9hJXf
yLj+h1FaTIzi9ixjGGHHLA5ZQBnWjI/Qv60yFYPssCZtCTDDPhIHknTKpXWjVicA
KhCAmV101Wwm/O54Si3nVefGqsfdDzknJU4vspv7X+R6n6ApYFXc1a3EDfCgKS3N
X9Myha7IvCjGCOi25ssiSd4w+Ulx9ixA7NWJqYFOL0h45zYq6Un0oQZro1ZVYksH
oNc1WNXwHsEaFciQeAV3yxaDzJtZc7tdzJ3xwmUMwtOcCRJBut6sCiOGx1AlOj/t
/G2bLTMqNmb/qQd3k/bw4PV6peU5yhKhU7S2IXGTRGJXIxawU7g=
=Xj8m
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds