Re: [exim] Exim 4.76 RC1 uploaded - SECURITY

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMPhil Pennock at <-
.MGraeme Fowler at ->
Delete this message
Reply to this message
Author: mailing@securitylabs.it
Date:  
To: exim-users
Subject: Re: [exim] Exim 4.76 RC1 uploaded - SECURITY
On 06/05/2011 13:23, Phil Pennock wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: RIPEMD160
>
> I have uploaded Exim 4.76 RC1 to:
>     ftp://ftp.exim.org/pub/exim/exim4/test/

>
> I regret to inform you that 4.76 is a security-fix release, again. In
> this case, CVE-2011-1764: a format string attack in logging DKIM
> information from an inbound mail may permit anyone who can send you
> email to cause code to be executed as the Exim run-time user.
Hello, it is safe to disable DKIM processing by adding:

control = dkim_disable_verify

to an ACL?


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-[exim] Exim 4.76 RC1 uploaded - SECURITYRe: [exim] Exim 4.76 RC1 uploaded - SECURITY->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)