Re: [exim] Exim 4.80.1 security release - details

Top Page
Delete this message
Reply to this message
Author: Cyborg
Date:  
To: exim-users
Subject: Re: [exim] Exim 4.80.1 security release - details
Am 26.10.2012 10:35, schrieb Phil Pennock:
> Folks,
>
> During internal code review on Wednesday, I uncovered a remote code
> execution hole in Exim, affecting releases 4.70 to 4.80, in the DKIM
> handling. This can be triggered by anyone who can send you email from a
> domain for which they control the DNS, and gets them the Exim run-time
> user.


I intensivly hope you have send this message to Redhat and co before
you got public here.
Otherwise we will have a massacre worldwide like 2 years ago.

What do you suggest as a workaround for people with installations from
distros ?

best regards,

Marius