Debians sikkerhedsbulletin
DSA-2131-1 exim4 -- udførelse af vilkårlig kode
- Rapporteret den:
- 10. dec 2010
- Berørte pakker:
- exim4
- Sårbar:
- Ja
- Referencer i sikkerhedsdatabaser:
- I Mitres CVE-ordbog: CVE-2010-4344.
- Yderligere oplysninger:
-
Flere sårbarheder er fundet i exim4, som gjorde det muligt for en fjernangriber at udføre vilkårlig kode som root-brugeren. Udnyttelser af disse problemer har været set i det fri.
Denne opdatering retter et hukommelseskorruptionsproblem, der gjorde det muligt for fjernangribere at udføre vilkårlig kode som Debian-exim-brugeren (CVE-2010-4344).
En rettelse til et yderligere problem, der gjorde det muligt for Debian-exim-brugeren at opnå root-rettigheder (CVE-2010-4345) er i øjeblikket ved at blive kontrolleret for kompatibilitetsproblemer. Den er endnu ikke med i denne opdatering, men vil snart blive frigivet i forbindelse med en opdatering af denne bulletin.
I den stabile distribution (lenny), er dette problem rettet i version 4.69-9+lenny1.
Denne bulletin indeholder kun pakker til arkitekturerne alpha, amd64, hppa, i386, ia64, powerpc og s390. Pakker til arkitekturerne arm, armel, mips, mipsel og sparc vil blive frigivet så snart de er blevet opbygget.
I distribution testing (squeeze) og i den ustabile distribution (sid), er dette problem rettet i version 4.70-1.
Vi anbefaler kraftigt at du opgraderer dine exim4-pakker.
- Rettet i:
-
Debian GNU/Linux 5.0 (lenny)
- Kildekode:
- http://security.debian.org/pool/updates/main/e/exim4/exim4_4.69-9+lenny1.diff.gz
- http://security.debian.org/pool/updates/main/e/exim4/exim4_4.69.orig.tar.gz
- http://security.debian.org/pool/updates/main/e/exim4/exim4_4.69-9+lenny1.dsc
- http://security.debian.org/pool/updates/main/e/exim4/exim4_4.69.orig.tar.gz
- Arkitekturuafhængig komponent:
- http://security.debian.org/pool/updates/main/e/exim4/exim4-config_4.69-9+lenny1_all.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4_4.69-9+lenny1_all.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4_4.69-9+lenny1_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/e/exim4/eximon4_4.69-9+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-dbg_4.69-9+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-dev_4.69-9+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light_4.69-9+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light-dbg_4.69-9+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy_4.69-9+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-base_4.69-9+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy-dbg_4.69-9+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-dbg_4.69-9+lenny1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light-dbg_4.69-9+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-dbg_4.69-9+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light_4.69-9+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy-dbg_4.69-9+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy_4.69-9+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-base_4.69-9+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/e/exim4/eximon4_4.69-9+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-dev_4.69-9+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-dbg_4.69-9+lenny1_amd64.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light_4.69-9+lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/e/exim4/eximon4_4.69-9+lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-dev_4.69-9+lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy-dbg_4.69-9+lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-dbg_4.69-9+lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-base_4.69-9+lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy_4.69-9+lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light-dbg_4.69-9+lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/e/exim4/eximon4_4.69-9+lenny1_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light_4.69-9+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy-dbg_4.69-9+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy_4.69-9+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-base_4.69-9+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light-dbg_4.69-9+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/e/exim4/eximon4_4.69-9+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-dev_4.69-9+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-dbg_4.69-9+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy-dbg_4.69-9+lenny1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy-dbg_4.69-9+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light_4.69-9+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-dbg_4.69-9+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/e/exim4/eximon4_4.69-9+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy_4.69-9+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-dev_4.69-9+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light-dbg_4.69-9+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-base_4.69-9+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light_4.69-9+lenny1_ia64.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy_4.69-9+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-dbg_4.69-9+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-base_4.69-9+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-dev_4.69-9+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/e/exim4/eximon4_4.69-9+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light-dbg_4.69-9+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light_4.69-9+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy-dbg_4.69-9+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-dbg_4.69-9+lenny1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy-dbg_4.69-9+lenny1_s390.deb
- http://security.debian.org/pool/updates/main/e/exim4/eximon4_4.69-9+lenny1_s390.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-dbg_4.69-9+lenny1_s390.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-dev_4.69-9+lenny1_s390.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light-dbg_4.69-9+lenny1_s390.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy_4.69-9+lenny1_s390.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light_4.69-9+lenny1_s390.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-base_4.69-9+lenny1_s390.deb
- http://security.debian.org/pool/updates/main/e/exim4/eximon4_4.69-9+lenny1_s390.deb
MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.