Gentoo Archives: gentoo-announce

From: aliz@gentoo.org (Daniel Ahlberg)
To: gentoo-announce@g.o, bugtraq@×××××××××××××.com, full-disclosure@××××××××××××.com
Subject: [gentoo-announce] GLSA: exim (200309-09)
Date: Mon, 15 Sep 2003 13:16:11
Message-Id: 20030915130800.BD3039FBC4@noc.internal.fairytale.se
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200309-09
- - - ---------------------------------------------------------------------

          PACKAGE : exim
          SUMMARY : buffer overflow
             DATE : 2003-09-15 13:07 UTC
          EXPLOIT : remote
VERSIONS AFFECTED : <exim-4.21
    FIXED VERSION : >=exim-4.21
              CVE : CAN-2003-0743

- - - ---------------------------------------------------------------------

quote from advisory:

"There's a heap overflow in all versions of exim3 and exim4 prior
to version 4.21. It can be exercised by anyone who can make an
SMTP connection to the exim daemon."

read the full advisory at:
http://marc.theaimsgroup.com/?l=vuln-dev&m=106264740820334&w=2

Although not thought to be exploitable, users are encouraged to upgrade
exim.

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-mail/exim upgrade to exim-4.21 as follows:

emerge sync
emerge exim
emerge clean

- - - ---------------------------------------------------------------------
aliz@g.o - GnuPG key is available at http://dev.gentoo.org/~aliz
raker@g.o
- - - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/ZbmwfT7nyhUpoZMRAkuoAJ973hWIgX1pY6LW/fc6eP0pGZO0NQCcCzMh
VKHtQnVqlREiVHksIh6xj/0=
=emxR
-----END PGP SIGNATURE-----
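
Added example, not part of the signed announcement or of Gentoo's tooling: a shell check that classifies an Exim version against the advisory's affected range (<exim-4.21). The function names and the sample inputs are assumptions made for illustration; the input is either the first line of `exim -bV` output or a Gentoo package atom.

```shell
#!/bin/sh
# Added example (not from the advisory): flag Exim versions older than 4.21,
# the fixed version named in GLSA 200309-09.

FIXED_MAJOR=4
FIXED_MINOR=21

# Print "MAJOR.MINOR" from `exim -bV` output ("Exim version 4.20 #1 built ...")
# or from a Gentoo package atom ("net-mail/exim-4.20-r1"); print nothing otherwise.
extract_exim_version() {
    printf '%s\n' "$1" | sed -n \
        -e 's/^Exim version \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' \
        -e 's/^.*exim-\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# Status 0: older than 4.21 (affected). 1: 4.21 or newer. 2: version not
# recognised, which callers should treat as "unknown", never as "fixed".
exim_is_affected() {
    ver=$(extract_exim_version "$1")
    [ -n "$ver" ] || return 2
    major=${ver%%.*}
    minor=${ver#*.}
    # `[ ... -lt ... ]` compares in decimal, so a minor of "05" is read as 5.
    if [ "$major" -lt "$FIXED_MAJOR" ]; then return 0; fi
    if [ "$major" -eq "$FIXED_MAJOR" ] && [ "$minor" -lt "$FIXED_MINOR" ]; then
        return 0
    fi
    return 1
}

# Constructed sample inputs; on a real host pass "$(exim -bV 2>/dev/null)"
# or the installed package atom instead.
for sample in "Exim version 4.20 #1 built 01-Sep-2003 10:00:00" \
              "net-mail/exim-4.21" "net-mail/exim-3.36-r2" "no exim here"; do
    rc=0
    exim_is_affected "$sample" || rc=$?
    case $rc in
        0) echo "AFFECTED  $sample" ;;
        1) echo "fixed     $sample" ;;
        *) echo "UNKNOWN   $sample" ;;
    esac
done
```

A Gentoo revision suffix such as -r1 does not change the upstream version, so exim-4.20-r1 is still reported as affected.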