Article 4GMMM Severe vulnerability in Exim

by corbet from LWN.net on (#4GMMM)
Qualys has put out an advisory on a vulnerability in the Exim mail transfer agent, versions 4.87 through 4.91; it allows for easy command execution by a local attacker and remote execution in some scenarios. "To remotely exploit this vulnerability in the default configuration, an attacker must keep a connection to the vulnerable server open for 7 days (by transmitting one byte every few minutes). However, because of the extreme complexity of Exim's code, we cannot guarantee that this exploitation method is unique; faster methods may exist." Sites running Exim should upgrade to 4.92 if they have not already.