[exim-dev] [Bug 1580] 【remote exec vulnerability】

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Phil Pennock
Data:  
Para: exim-dev
Asunto: [exim-dev] [Bug 1580] 【remote exec vulnerability】
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=1580




--- Comment #2 from Phil Pennock <pdp@???> 2015-01-28 18:54:16 ---
In particular, for the record so that folks know why this is being dismissed so
readily:

http://www.openwall.com/lists/oss-security/2015/01/27/9

http://arstechnica.com/security/2015/01/highly-critical-ghost-allowing-code-execution-affects-most-linux-systems/

Also, there is an Exim-Announce mail warning of the issue and including
mitigation factors which can be applied, as exposing this vulnerability
requires turning on specific Exim configuration options, so turning them off
again will help; see:

https://lists.exim.org/lurker/message/20150127.200135.056f32f2.en.html
http://permalink.gmane.org/gmane.mail.exim.announce/162
(same post, two different archives)


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email