Message-ID: <20121026213933.GA16798@openwall.com>
Date: Sat, 27 Oct 2012 01:39:33 +0400
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Cc: Phil Pennock <pdp@...m.org>
Subject: CVE-2012-5671: Exim <= 4.80 DKIM heap-based buffer overflow

Hi,

Exim 4.80.1 was released earlier today to fix a remotely triggerable
heap-based buffer overflow vulnerability in DKIM support (enabled by
default).  Here's the announcement as posted to the exim-announce list
(including instructions on how DKIM support may be disabled, and
download links for Exim 4.80.1):

https://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html

A few distro tracking/updates URLs:

http://codelabs.ru/fbsd/ports/qa/mail/exim/4.80.1
http://security-tracker.debian.org/tracker/CVE-2012-5671
https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/1071694
https://bugzilla.redhat.com/show_bug.cgi?id=869953
http://www.securityfocus.com/bid/56285

Distro vendors had 1 day of advance notice, which some have made use of.

Alexander
