Multiple Exim security vulnerabilities disclosed
The "Zero Day Initiative" site has posted a number of advisories (1, 2, 3, 4, 5, 6) describing a number of flaws in the Exim mail server, some of which are exploitable remotely. These problems, allegedly, were first reported to the project in June 2022, well over one year ago. There is some disagreement over the timing of events, with Exim developer Heiko Schlittermann claiming that no actual information was received until last May, and an anonymous ZDI representative disputing that story.
Either way, the vulnerabilities are now disclosed, but patches are not yet on offer; Schlittermann said that "Fixes are available in a protected repository and are ready to be applied by the distribution maintainers", so hopefully that situation will change soon.