-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-2131-1                  security@xxxxxxxxxx
http://www.debian.org/security/                           Stefan Fritsch
December 10, 2010                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : exim4
Vulnerability  : arbitrary code execution
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2010-4344

Several vulnerabilities have been found in exim4 that allow a remote
attacker to execute arbitrary code as root user. Exploits for these
issues have been seen in the wild.

This update fixes a memory corruption issue that allows a remote
attacker to execute arbitrary code as the Debian-exim user
(CVE-2010-4344).

A fix for an additional issue that allows the Debian-exim user to
obtain root privileges (CVE-2010-4345) is currently being checked for
compatibility issues. It is not yet included in this upgrade but will
be released soon in an update to this advisory.

For the stable distribution (lenny), this problem has been fixed in
version 4.69-9+lenny1.

This advisory only contains the packages for the alpha, amd64, hppa,
i386, ia64, powerpc, and s390 architectures. The packages for the
arm, armel, mips, mipsel, and sparc architectures will be released
as soon as they are built.

For the testing distribution (squeeze) and the unstable distribution
(sid), this problem has been fixed in version 4.70-1.

We strongly recommend that you upgrade your exim4 packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny (stable)
- -----------------------------------------

Stable updates are available for alpha, amd64, hppa, i386, ia64, powerpc, and s390.

These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFNAkHjbxelr8HyTqQRAjasAJ9nk4OGBY1kEWYYjKupXHzRgpO+nQCg2KJ0
kvzhvhC408r0LXtjjqdHSgM=
=KKHv
-----END PGP SIGNATURE-----