Re: [exim] Exim 4.76 RC1 uploaded - SECURITY

Author: mailing@securitylabs.it
Date:  
To: exim-users
Subject: Re: [exim] Exim 4.76 RC1 uploaded - SECURITY
On 06/05/2011 13:23, Phil Pennock wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: RIPEMD160
>
> I have uploaded Exim 4.76 RC1 to:
>     ftp://ftp.exim.org/pub/exim/exim4/test/

>
> I regret to inform you that 4.76 is a security-fix release, again. In
> this case, CVE-2011-1764: a format string attack in logging DKIM
> information from an inbound mail may permit anyone who can send you
> email to cause code to be executed as the Exim run-time user.

Hello, is it safe to disable DKIM processing by adding:

control = dkim_disable_verify

to an ACL?