[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Re: [LIH] (fwd) [SECURITY] [DSA-058-1] exim printf format attack



* Raju Mathur [linux-india] <11/06/01 08:30 +0530>:
 
> [Vendors have started releasing patched Exim packages.  Please upgrade
> -- Raju]
 
No official patch from the exim people yet.  And unfortunately 3.12 is old as
the hills (there are a lot of features that I use - and require - in the 3.2x
versions).

So best way is to run without header check syntax compiled in till Philip
Hazel gets back (he should be back today and I think an official patch will
be out within a while).

Right now, this bug is not critical - and doesnt affect you if you haven't
compiled your exim with header check syntax enabled.

I'd suggest "wait and watch" for a while.  If you are using debian, then
fine, of course.

	-suresh

-- 
Suresh Ramasubramanian  <-->  mallet <at> efn <dot> org
EMail Sturmbannfuhrer, Lower Middle Class Unix Sysadmin