Author: Mike Cardwell Date: To: exim-users Subject: Re: [exim] is exim affected by this ssl vulnerability?
On 03/01/2011 13:47, Dave Lugo wrote:
> A vulnerability has been discovered in the TLS server extension parsing of
> OpenSSL. Remote attackers may be able to trigger a race condition in
> multithreaded applications that use OpenSSL resulting in arbitrary code
> execution. To be susceptible, the application must use OpenSSL's internal
> caching mechanism. Apache and Stunnel are mentioned as two popular OpenSSL
> applications that are not affected by this vulnerability. We encourage
> customers to obtain updates from their respective distributions.
>
> Source:
>
> http://openssl.org/news/secadv_20101116.txt > http://www.theregister.co.uk/2010/11/16/openssl_security_fix/
I wouldn't have thought so. Exim isn't a multi-threaded application.