Gentoo Archives: gentoo-announce

From: Seemant Kulleen <seemant@g.o>
To: gentoo-announce@g.o, gentoo-security@g.o, lwn@×××.net
Subject: [gentoo-announce] Buffer overflow in Exim
Date: Thu, 18 Apr 2002 22:51:39
Message-Id: 20020418205138.08e61abe.seemant@gentoo.org
- -----------------------------------------------------------------------
GLSA: GENTOO LINUX SECURITY ANNOUNCEMENT
- -----------------------------------------------------------------------
PACKAGE         : exim
SUMMARY         : security vulnerability in exim
DATE            : Apr 19 03:02:46 UTC 2002
- -----------------------------------------------------------------------

OVERVIEW

A security vulnerability has been found that might allow a local attacker
to gain elevated priveleges.  This affects Gentoo's exim-3.34-r1 and prior
packages.


DETAIL

Fix for a security vulnerability that could allow local attackers to gain
elevated privileges though a buffer overflow exploit.
http://www.securiteam.com/unixfocus/5CP0H206AI.html


SOLUTION

It is recommended that all Gentoo Linux users who are running exim update
their systems as follows.

emerge --clean rsync
emerge exim
emerge clean

- ------------------------------------------------------------------------
rphillips@g.o
seemant@g.o
drobbins@g.o
- ------------------------------------------------------------------------