[exim-dev] [Bug 1580] 【remote exec vulnerability】

トップ ページ
このメッセージを削除
このメッセージに返信
著者: Phil Pennock
日付:  
To: exim-dev
題目: [exim-dev] [Bug 1580] 【remote exec vulnerability】
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=1580




--- Comment #2 from Phil Pennock <pdp@???> 2015-01-28 18:54:16 ---
In particular, for the record so that folks know why this is being dismissed so
readily:

http://www.openwall.com/lists/oss-security/2015/01/27/9

http://arstechnica.com/security/2015/01/highly-critical-ghost-allowing-code-execution-affects-most-linux-systems/

Also, there is an Exim-Announce mail warning of the issue and including
mitigation factors which can be applied, as exposing this vulnerability
requires turning on specific Exim configuration options, so turning them off
again will help; see:

https://lists.exim.org/lurker/message/20150127.200135.056f32f2.en.html
http://permalink.gmane.org/gmane.mail.exim.announce/162
(same post, two different archives)


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email