[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Re: [LIH] (fwd) [SECURITY] [DSA-058-1] exim printf format attack

To: linux-india-help@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [LIH] (fwd) [SECURITY] [DSA-058-1] exim printf format attack
From: Suresh Ramasubramanian <mallet@xxxxxxx>
Date: Mon, 11 Jun 2001 10:09:31 +0530
Cc: linux-delhi@xxxxxxxxxxxxxxxxxxxxx
In-reply-to: <15140.13394.947474.998806@mail.linux-delhi.org>; from raju@linux-delhi.org on Mon, Jun 11, 2001 at 08:30:34AM +0530
Mail-followup-to: linux-india-help@xxxxxxxxxxxxxxxxxxxxx, linux-delhi@xxxxxxxxxxxxxxxxxxxxx
Organization: Hopelessly Disorganized
References: <15140.13394.947474.998806@mail.linux-delhi.org>
User-agent: Mutt/1.3.17i

* Raju Mathur [linux-india] <11/06/01 08:30 +0530>:
 
> [Vendors have started releasing patched Exim packages.  Please upgrade
> -- Raju]
 
No official patch from the exim people yet.  And unfortunately 3.12 is old as
the hills (there are a lot of features that I use - and require - in the 3.2x
versions).

So best way is to run without header check syntax compiled in till Philip
Hazel gets back (he should be back today and I think an official patch will
be out within a while).

Right now, this bug is not critical - and doesnt affect you if you haven't
compiled your exim with header check syntax enabled.

I'd suggest "wait and watch" for a while.  If you are using debian, then
fine, of course.

	-suresh

-- 
Suresh Ramasubramanian  <-->  mallet <at> efn <dot> org
EMail Sturmbannfuhrer, Lower Middle Class Unix Sysadmin

References:
- (fwd) [SECURITY] [DSA-058-1] exim printf format attack
  - From: Raju Mathur

Prev by Subject: Re: [LIG] Signs of the times?
Next by Subject: Re: [LIH] Dax Internal Modem Driver
Previous by thread: (fwd) [SECURITY] [DSA-058-1] exim printf format attack
Next by thread: kernel 2.4.1 pcq "make dep" problem
Index(es):
- Subject
- Thread