On 03/01/2011 13:47, Dave Lugo wrote:
> A vulnerability has been discovered in the TLS server extension parsing of
> OpenSSL. Remote attackers may be able to trigger a race condition in
> multithreaded applications that use OpenSSL resulting in arbitrary code
> execution. To be susceptible, the application must use OpenSSL's internal
> caching mechanism. Apache and Stunnel are mentioned as two popular OpenSSL
> applications that are not affected by this vulnerability. We encourage
> customers to obtain updates from their respective distributions.
>
> Source:
>
> http://openssl.org/news/secadv_20101116.txt
> http://www.theregister.co.uk/2010/11/16/openssl_security_fix/
I wouldn't have thought so. Exim isn't a multi-threaded application.
--
Mike Cardwell
https://secure.grepular.com/ https://twitter.com/mickeyc
Professional
http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F