2011年1月27日

[installer 2661] exim-4.74

exim-4.74 出ています。

セキュリティホールの修正が含まれているようです。
http://www.exim.org/lurker/message/20110121.113731.1844cdcf.ja.html
http://lists.exim.org/lurker/message/20110126.034702.4d69c278.en.html
参照のこと。

☆ exim-4.74

http://www.exim.org/
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-4.74.tar.gz

Exim version 4.74
-----------------

TF/01 Failure to get a lock on a hints database can have serious
consequences so log it to the panic log.

TF/02 Log LMTP confirmation messages in the same way as SMTP,
controlled using the smtp_confirmation log selector.

TF/03 Include the error message when we fail to unlink a spool file.

DW/01 Bugzilla 139: Support dynamically loaded lookups as modules.
With thanks to Steve Haslam, Johannes Berg & Serge Demonchaux
for maintaining out-of-tree patches for some time.

PP/01 Bugzilla 139: Documentation and portability issues.
Avoid GNU Makefile-isms, let Exim continue to build on BSD.
Handle per-OS dynamic-module compilation flags.

PP/02 Let /dev/null have normal permissions.
The 4.73 fixes were a little too stringent and complained about the
permissions on /dev/null. Exempt it from some checks.
Reported by Andreas M. Kirchwitz.

PP/03 Report version information for many libraries, including
Exim version information for dynamically loaded libraries. Created
version.h, now support a version extension string for distributors
who patch heavily. Dynamic module ABI change.

PP/04 CVE-2011-0017 - check return value of setuid/setgid. This is a
privilege escalation vulnerability whereby the Exim run-time user
can cause root to append content of the attacker's choosing to
arbitrary files.

PP/05 Bugzilla 1041: merged DCC maintainer's fixes for return code.
(Wolfgang Breyha)

PP/06 Bugzilla 1071: fix delivery logging with untrusted macros.
If dropping privileges for untrusted macros, we disabled normal logging
on the basis that it would fail; for the Exim run-time user, this is not
the case, and it resulted in successful deliveries going unlogged.
Fixed. Reported by Andreas Metzler.

----
こがよういちろう


投稿者 xml-rpc : 2011年1月27日 10:19
役に立ちました?:
過去のフィードバック 平均:(0) 総合:(0) 投票回数:(0)
本記事へのTrackback: http://hoop.euqset.org/blog/mt-tb2006.cgi/101572
トラックバック
コメント
コメントする




画像の中に見える文字を入力してください。