[exim] Mitigation statement for CVE-2023-42119

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Johnnie W Adams
Date:  
À: exim-users
Sujet: [exim] Mitigation statement for CVE-2023-42119
Hi, folks,

     What I take from this mitigation statement--Use a trustworthy DNS
resolver which is able to validate the data according to the DNS record
types--is that if our DNS service is solid, we are not vulnerable. Is this
accurate, or am I oversimplifying things? The mitigation statement from ZDI
was much more ominous, but I'm still parsing "network-adjacent attackers".


Thanks,

John A

--
John Adams
Senior Linux/Middleware Administrator | Information Technology Services
+1-501-916-3010 | jxadams@??? | http://ualr.edu/itservices
*UA Little Rock*

Reminder: IT Services will never ask for your password over the phone or
in an email. Always be suspicious of requests for personal information that
come via email, even from known contacts. For more information or to
report suspicious email, visit IT Security
<http://ualr.edu/itservices/security/>.

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/