Re: [exim] is exim affected by this ssl vulnerability?

Page principale
Ce message fait partie du fil suivant :
MArborescence complète du fil triée par date
MDave Lugo à <-
 
Supprimer ce message
Répondre à ce message
Auteur: Mike Cardwell
Date:  
À: exim-users
Sujet: Re: [exim] is exim affected by this ssl vulnerability?
On 03/01/2011 13:47, Dave Lugo wrote:

> A vulnerability has been discovered in the TLS server extension parsing of
> OpenSSL. Remote attackers may be able to trigger a race condition in
> multithreaded applications that use OpenSSL resulting in arbitrary code
> execution. To be susceptible, the application must use OpenSSL's internal
> caching mechanism. Apache and Stunnel are mentioned as two popular OpenSSL
> applications that are not affected by this vulnerability. We encourage
> customers to obtain updates from their respective distributions.
>
> Source:
>
> http://openssl.org/news/secadv_20101116.txt
> http://www.theregister.co.uk/2010/11/16/openssl_security_fix/

I wouldn't have thought so. Exim isn't a multi-threaded application.

--
Mike Cardwell https://secure.grepular.com/ https://twitter.com/mickeyc
Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F

Ce message a été envoyé sur les listes de diffusion suivantes :
Exim-users
Informations sur la liste de diffusion | Messages voisins		<-[exim] is exim affected by this ssl vulnerability?Re: [exim] Parlez-vous Exim avec Mailman - ACL clarification sought->
Tahini and Hummus and Cumin Development Archives administré par cumin AdminsLurker (version 2.3)