Improper assertion of DKIM-Milter may cause crash
Written by Rebecca Mints
Friday, 13 March 2009 01:49
Debian Security has recently discovered a new vulnerability in DKIM-Milter, a DomainKeys Identified Mail (DKIM) implementation used on Linux, that can crash the system. According to a security advisory released last week by Debian, a flaw in DKIM-Milter triggers an improper assertion during DKIM verification. During verification, DKIM-Milter may encounter a revoked public key record in the Domain Name System (DNS). Attackers usually create such public key records with the intent of punching a hole in the system and making it vulnerable to threats.

Debian said that the old stable distribution (etch) does not include dkim-milter packages. However, a fix has been included in version 2.6.0.dfsg for the stable distribution. Users are advised to upgrade their dkim-milter packages to patch the vulnerability. For users of the apt-get package manager, a sources.list entry is available for obtaining the updated version of the package. There is also an automated update available on the Debian website.
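A key record fetched from DNS is untrusted input, so a revoked key should end up as a verification result and not as a failed assertion. The sketch below is an added example, not dkim-milter's code or Debian's patch. It assumes the RFC 4871 convention that a revoked key is published with an empty `p=` tag, which the advisory summary above does not spell out, and the function and enum names are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

typedef enum { KEY_OK, KEY_REVOKED, KEY_MALFORMED } key_status; /* hypothetical names */
/* Extract the p= tag of a "tag=value; tag=value" key record into out.
 * Empty p= (assumed RFC 4871 revocation) is a status to handle, never an assert(). */
key_status dkim_key_status(const char *record, char *out, size_t outlen)
{
    if (record == NULL || out == NULL || outlen == 0)
        return KEY_MALFORMED;
    out[0] = '\0';
    for (const char *s = record; *s != '\0'; ) {
        const char *end = s + strcspn(s, ";");     /* end of this tag=value pair */
        while (s < end && isspace((unsigned char)*s))
            s++;                                   /* leading whitespace */
        const char *v = (s < end && *s == 'p') ? s + 1 : end;
        while (v < end && isspace((unsigned char)*v))
            v++;                                   /* whitespace before '=' */
        if (v < end && *v == '=') {
            size_t n = 0;
            for (v++; v < end; v++) {
                if (isspace((unsigned char)*v))
                    continue;                      /* folding inside base64 */
                if (n + 1 >= outlen) {
                    out[0] = '\0';
                    return KEY_MALFORMED;          /* key does not fit */
                }
                out[n++] = *v;
            }
            out[n] = '\0';
            return n == 0 ? KEY_REVOKED : KEY_OK;
        }
        s = (*end == ';') ? end + 1 : end;
    }
    return KEY_MALFORMED;                          /* no p= tag at all */
}

int main(void)
{
    /* Constructed sample records, not taken from any real domain. */
    const char *samples[] = { "v=DKIM1; k=rsa; p=Q09OU1RSVUNURUQ=",
                              "v=DKIM1; k=rsa; p=", "v=DKIM1; k=rsa" };
    const char *names[] = { "usable key", "revoked: fail verification", "malformed" };
    char key[256];
    for (size_t i = 0; i < 3; i++)
        printf("%-36s -> %s\n", samples[i], names[dkim_key_status(samples[i], key, sizeof key)]);
    return 0;
}
```

A verifier built this way maps `KEY_REVOKED` to a failed signature for that message and keeps running.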