On Fri, 2010-12-10 at 11:03 -0800, Brent Jones wrote:
> I believe Redhat ships a 4.6x version of Exim. I have a support
> contract with them if anyone believes it may be helpful to alert them
> about this issue and for them to distribute patched versions to Redhat
> customers.

Red Hat (with a space and a capital H) are aware and working on a fixed
package. They also helped with reproducing and diagnosing the exploit.

https://bugzilla.redhat.com/show_bug.cgi?id=661756 for CVE-2010-4344
https://bugzilla.redhat.com/show_bug.cgi?id=662012 for CVE-2010-4345

Fedora has Exim 4.72 and thus isn't affected.

--
dwmw2