[exim] Re: Exim Zero Day?

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Andrew C Aitchison
Date:  
À: Randy Bush
CC: exim-users
Sujet: [exim] Re: Exim Zero Day?
On Sat, 30 Sep 2023, Randy Bush via Exim-users wrote:

>> https://seclists.org/oss-sec/2023/q3/254
>
> i tried putting that in my exim config and it threw errors


:-) I am not surprised.

I've seen some second hand reports (eg on the mailop list,
which 1) has a closed archive, and 2) seems unreachable this evening)
that the vulnerabilities are in SPA (Microsoft, NTLM) authentication and
libspf2.

Since Exim 4.97 release candidates are out for testing, I am assuming
that the fixes so far will be included when that is released as soon as
possible. Asking Jeremy and Heiko to comment further may slow this
further.

-- 
Andrew C. Aitchison                      Kendal, UK
                    andrew@???


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/