Debian Lenny DSA-2131-1 Critical: Exim4 Remote Code Execution
debian
December 10, 2010
Several vulnerabilities have been found in exim4 that allow a remote attacker to execute arbitrary code as root user
Topics Covered
Summary
This update fixes a memory corruption issue that allows a remote
attacker to execute arbitrary code as the Debian-exim user
(CVE-2010-4344).
A fix for an additional issue that allows the Debian-exim user to
obtain root privileges (CVE-2010-4345) is currently being checked for
compatibility issues. It is not yet included in this upgrade but will
released soon in an update to this advisory.
For the stable distribution (lenny), this problem has been fixed in
version 4.69-9+lenny1.
This advisory only contains the packages for the alpha, amd64, hppa,
i386, ia64, powerpc, and s390 architectures. The packages for the
arm, armel, mips, mipsel, and sparc architectures will be released
as soon as they are built.
For the testing distribution (squeeze) and the unstable distribution
(sid), this problem has been fixed in version 4.70-1.
We strongly recommend that you upgrade your exim4 packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will inst...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!