exim4 4.69-11ubuntu4.2 source package in Ubuntu

Changelog

exim4 (4.69-11ubuntu4.2) karmic-security; urgency=low

  * SECURITY UPDATE: local privilege escalation via alternate config file
    (LP: #697934)
    - debian/patches/80_CVE-2010-4345.dpatch: backport massive behaviour-
      altering changes from upstream git to fix issue.
    - debian/patches/81_CVE-2010-4345-docs.dpatch: backport documentation
      changes.
    - debian/patches/67_unnecessaryCopt.dpatch: Do not use exim's -C option
      in utility scripts. This would not work with ALT_CONFIG_PREFIX.
      Patch obtained from Debian's 4.69-9+lenny2.
    - Build with WHITELIST_D_MACROS=OUTGOING. After this security update,
      exim will not regain root privileges (usually necessary for local
      delivery) if the -D option was used. Macro identifiers listed in
      WHITELIST_D_MACROS are exempted from this restriction. mailscanner
      (4.79.11-2.2) uses -DOUTGOING.
    - Build with TRUSTED_CONFIG_LIST=/etc/exim4/trusted_configs. After this
      security update, exim will not re-gain root privileges (usually
      necessary for local delivery) if the -C option was used. This makes
      it impossible to start a fully functional daemon with an alternate
      configuration file. /etc/exim4/trusted_configs (can) contain a list
      of filenames (one per line, full path given) to which this
      restriction does not apply.
    - debian/exim4-daemon-*.NEWS: Add description of changes. Thanks to
      Debian and Andreas Metzler for the text.
    - CVE-2010-4345
  * SECURITY UPDATE: arbitrary file append via symlink attack (LP: #708023)
    - debian/patches/82_CVE-2011-0017.dpatch: check setuid and setgid return
      codes in src/exim.c, src/log.c.
    - CVE-2011-0017
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via hard link to another user's file (LP: #609620)
    - debian/patches/CVE-2010-2023.dpatch: check for links in
      src/transports/appendfile.c.
    - CVE-2010-2023
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via symlink on a lock file (LP: #609620)
    - debian/patches/CVE-2010-2024.dpatch: improve lock file handling in
      src/exim_lock.c, src/transports/appendfile.c.
    - CVE-2010-2024
  * debian/rules: disable debconf-updatepo so the security update doesn't
    alter translations.
 -- Marc Deslauriers <email address hidden>   Tue, 08 Feb 2011 13:41:17 -0500

Upload details

Uploaded by: Marc Deslauriers
Uploaded to: Karmic
Original maintainer: Ubuntu Developers
Architectures: any
Section: mail
Urgency: Low Urgency

Downloads

File Size SHA-256 Checksum
exim4_4.69.orig.tar.gz 1.6 MiB 1b5c4efa29a0957b838013e222789fe4de7717853d31ba941ab838269623b37c
exim4_4.69-11ubuntu4.2.diff.gz 559.4 KiB 7f28b49f635eda1bea43a0dcf8aaef34d5a6d5e001a21e8af825892124ff2e67
exim4_4.69-11ubuntu4.2.dsc 2.3 KiB 0a47af55779ed84f84c88e6f63fdea45e4fd994bae60498e7d1ccc7282d8cb4f

Binary packages built by this source

No summary or description is available in ubuntu karmic for any of these packages:

exim4
exim4-base
exim4-config
exim4-daemon-heavy
exim4-daemon-heavy-dbg
exim4-daemon-light
exim4-daemon-light-dbg
exim4-dbg
exim4-dev
eximon4