[Bug 708023] Re: exim 4.74 released fixes CVE-2011-0017

Launchpad Bug Tracker 708023 at bugs.launchpad.net
Thu Feb 10 14:39:31 UTC 2011 

This bug was fixed in the package exim4 - 4.69-2ubuntu0.3

---------------
exim4 (4.69-2ubuntu0.3) hardy-security; urgency=low

  * SECURITY UPDATE: local privilege escalation via alternate config file
    (LP: #697934)
    - debian/patches/80_CVE-2010-4345.dpatch: backport massive behaviour-
      altering changes from upstream git to fix issue.
    - debian/patches/81_CVE-2010-4345-docs.dpatch: backport documentation
      changes.
    - debian/patches/67_unnecessaryCopt.dpatch: Do not use exim's -C option
      in utility scripts. This would not work with ALT_CONFIG_PREFIX.
      Patch obtained from Debian's 4.69-9+lenny2.
    - Build with WHITELIST_D_MACROS=OUTGOING. After this security update,
      exim will not regain root privileges (usually necessary for local
      delivery) if the -D option was used. Macro identifiers listed in
      WHITELIST_D_MACROS are exempted from this restriction. mailscanner
      (4.79.11-2.2) uses -DOUTGOING.
    - Build with TRUSTED_CONFIG_LIST=/etc/exim4/trusted_configs. After this
      security update, exim will not re-gain root privileges (usually
      necessary for local delivery) if the -C option was used. This makes
      it impossible to start a fully functional damon with an alternate
      configuration file. /etc/exim4/trusted_configs (can) contain a list
      of filenames (one per line, full path given) to which this
      restriction does not apply.
    - debian/exim4-daemon-*.NEWS: Add description of changes. Thanks to
      Debian and Andreas Metzler for the text.
    - CVE-2010-4345
  * SECURITY UPDATE: arbitrary file append via symlink attack (LP: #708023)
    - debian/patches/82_CVE-2011-0017.dpatch: check setuid and setgid return
      codes in src/exim.c, src/log.c.
    - CVE-2011-0017
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via hard link to another user's file (LP: #609620)
    - debian/patches/CVE-2010-2023.dpatch: check for links in
      src/transports/appendfile.c.
    - CVE-2010-2023
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via symlink on a lock file (LP: #609620)
    - debian/patches/CVE-2010-2024.dpatch: improve lock file handling in
      src/exim_lock.c, src/transports/appendfile.c.
    - CVE-2010-2024
  * debian/rules: disable debconf-updatepo so the security update doesn't
    alter translations.
 -- Marc Deslauriers <marc.deslauriers at ubuntu.com>   Tue, 08 Feb 2011 15:19:27 -0500

** Changed in: exim4 (Ubuntu Hardy)
       Status: Confirmed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-2023

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-2024

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-4345

** Changed in: exim4 (Ubuntu Lucid)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to exim4 in ubuntu.
https://bugs.launchpad.net/bugs/708023

Title:
  exim 4.74 released fixes CVE-2011-0017

More information about the Ubuntu-server-bugs mailing list