Re: [exim] is exim affected by this ssl vulnerability?

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Mike Cardwell
Data:  
Para: exim-users
Assunto: Re: [exim] is exim affected by this ssl vulnerability?
On 03/01/2011 13:47, Dave Lugo wrote:

> A vulnerability has been discovered in the TLS server extension parsing of
> OpenSSL. Remote attackers may be able to trigger a race condition in
> multithreaded applications that use OpenSSL resulting in arbitrary code
> execution. To be susceptible, the application must use OpenSSL's internal
> caching mechanism. Apache and Stunnel are mentioned as two popular OpenSSL
> applications that are not affected by this vulnerability. We encourage
> customers to obtain updates from their respective distributions.
>
> Source:
>
> http://openssl.org/news/secadv_20101116.txt
> http://www.theregister.co.uk/2010/11/16/openssl_security_fix/


I wouldn't have thought so. Exim isn't a multi-threaded application.

--
Mike Cardwell https://secure.grepular.com/ https://twitter.com/mickeyc
Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F