Gentoo Archives: gentoo-announce

From: Mikle Kolyada <zlogene@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] [ GLSA 201401-32 ] Exim: Multiple vulnerabilities
Date: Mon, 27 Jan 2014 12:32:59
Message-Id: 52E652C1.6040706@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 201401-32
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 http://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: High
8 Title: Exim: Multiple vulnerabilities
9 Date: January 27, 2014
10 Bugs: #322665, #348249, #353352, #366369, #439734
11 ID: 201401-32
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities were found in Exim, the worst of which leading
19 to remote execution of arbitrary code with root privileges.
20
21 Background
22 ==========
23
24 Exim is a highly configurable, drop-in replacement for sendmail.
25
26 Affected packages
27 =================
28
29 -------------------------------------------------------------------
30 Package / Vulnerable / Unaffected
31 -------------------------------------------------------------------
32 1 mail-mta/exim < 4.80.1 >= 4.80.1
33
34 Description
35 ===========
36
37 Multiple vulnerabilities have been discovered in Exim. Please review
38 the CVE identifiers referenced below for details.
39
40 Impact
41 ======
42
43 A remote attacker could possibly execute arbitrary code with the root
44 privileges, or cause a Denial of
45 Service condition.
46
47 Workaround
48 ==========
49
50 There is no known workaround at this time.
51
52 Resolution
53 ==========
54
55 All Exim users should upgrade to the latest version:
56
57 # emerge --sync
58 # emerge --ask --oneshot --verbose ">=mail-mta/exim-4.80.1"
59
60 References
61 ==========
62
63 [ 1 ] CVE-2010-2023
64 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2023
65 [ 2 ] CVE-2010-2024
66 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2024
67 [ 3 ] CVE-2010-4344
68 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4344
69 [ 4 ] CVE-2010-4345
70 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4345
71 [ 5 ] CVE-2011-0017
72 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0017
73 [ 6 ] CVE-2011-1407
74 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1407
75 [ 7 ] CVE-2011-1764
76 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1764
77 [ 8 ] CVE-2012-5671
78 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5671
79
80 Availability
81 ============
82
83 This GLSA and any updates to it are available for viewing at
84 the Gentoo Security Website:
85
86 http://security.gentoo.org/glsa/glsa-201401-32.xml
87
88 Concerns?
89 =========
90
91 Security is a primary focus of Gentoo Linux and ensuring the
92 confidentiality and security of our users' machines is of utmost
93 importance to us. Any security concerns should be addressed to
94 security@g.o or alternatively, you may file a bug at
95 https://bugs.gentoo.org.
96
97 License
98 =======
99
100 Copyright 2014 Gentoo Foundation, Inc; referenced text
101 belongs to its owner(s).
102
103 The contents of this document are licensed under the
104 Creative Commons - Attribution / Share Alike license.
105
106 http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature