Bug 702474 (CVE-2011-1764)
| Field | Value | Field | Value |
|---|---|---|---|
| Summary: | CVE-2011-1764 exim: improper format string handling in DKIM signatures | | |
| Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | bressers, dwmw2, jskarvad, mlichvar |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | exim 4.76 | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2012-08-10 18:36:33 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 702475, 705448 | | |
| Bug Blocks: | | | |
Description
Vincent Danen
2011-05-05 18:40:26 UTC
Created exim tracking bugs for this issue

Affects: fedora-all [bug 702475]

A workaround is to add "control = dkim_disable_verify" to an ACL to prevent processing DKIM signatures.

Created exim tracking bugs for this issue

Affects: epel-6 [bug 705448]

According to: http://wiki.exim.org/EximSecurity

This was resolved in upstream 4.76. Current supported versions of Fedora provide 4.76, however EPEL6 still provides 4.72 and is still vulnerable.

It seems that EPEL6 did fix this, but incorrectly noted the wrong CVE: exim-4.72-0003-CVE-2011-1407.patch is from the git commit above, so it actually fixes CVE-2011-1764 and _not_ CVE-2011-1407 as the patch name and changelog implied.
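The workaround quoted in the report is a single ACL control; the following configuration fragment is an added example (not part of the bug report or of the exim project) showing where it goes in an exim configuration file on a host that cannot yet be updated to the fixed 4.76 release. The ACL name `acl_check_rcpt` and the log message are assumptions; `control = dkim_disable_verify` is the control named in the report.

```exim
# Added example: apply the CVE-2011-1764 workaround from the RCPT ACL.
# Point the RCPT-time ACL at a named ACL (name is an assumption).
acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  # Turn off DKIM verification for this message so the DKIM
  # signature-handling code path is never reached. "warn" lets the
  # verb apply the control and log it without affecting the verdict.
  warn
    control  = dkim_disable_verify
    logwrite = DKIM verification disabled (CVE-2011-1764 workaround)

  # Normal recipient acceptance rules would follow here; this example
  # accepts everything, which is only suitable for illustration.
  accept
```

Once the package is upgraded to a version containing the upstream fix (4.76 or later), the `warn` block can be removed so that DKIM verification resumes; the `logwrite` line exists so that the mainlog shows unambiguously whether the workaround is still active on a given host.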