Re: [exim] is exim affected by this ssl vulnerability?

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MDave Lugo at <-
 
Delete this message
Reply to this message
Author: Mike Cardwell
Date:  
To: exim-users
Subject: Re: [exim] is exim affected by this ssl vulnerability?
On 03/01/2011 13:47, Dave Lugo wrote:

> A vulnerability has been discovered in the TLS server extension parsing of
> OpenSSL. Remote attackers may be able to trigger a race condition in
> multithreaded applications that use OpenSSL resulting in arbitrary code
> execution. To be susceptible, the application must use OpenSSL's internal
> caching mechanism. Apache and Stunnel are mentioned as two popular OpenSSL
> applications that are not affected by this vulnerability. We encourage
> customers to obtain updates from their respective distributions.
>
> Source:
>
> http://openssl.org/news/secadv_20101116.txt
> http://www.theregister.co.uk/2010/11/16/openssl_security_fix/

I wouldn't have thought so. Exim isn't a multi-threaded application.

--
Mike Cardwell https://secure.grepular.com/ https://twitter.com/mickeyc
Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-[exim] is exim affected by this ssl vulnerability?Re: [exim] Parlez-vous Exim avec Mailman - ACL clarification sought->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)