| Summary: | <mail-mta/exim-4.80.1 : DKIM DNS Decoding Buffer Overflow Vulnerability (CVE-2012-5671) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Fabian Groffen <grobian> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | bug, grobian |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://article.gmane.org/gmane.mail.exim.announce/147 | | |
| Whiteboard: | B1 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Fabian Groffen
2012-10-26 09:26:39 UTC

4.80.1 is the fixed version?

yup, committed this morning

Arches, please test and mark stable: =mail-mta/exim-4.80.1 Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"

amd64 stable

Stable for HPPA.

Stable on alpha.

stable ppc ppc64

x86 done.

CVE-2012-5671 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5671): Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.

ia64/sparc stable

Thanks, everyone. Added to existing GLSA draft.

@security: please close this bug, all offending versions are gone

This issue was resolved and addressed in GLSA 201401-32 at http://security.gentoo.org/glsa/glsa-201401-32.xml by GLSA coordinator Mikle Kolyada (Zlogene).