Mailing List Archive: Exim 4.80.1 Critical Security Release

It was recently discovered that certain Exim versions were not properly handling the decoding of DNS records for DKIM. Specifically crafted records can yield a heap-based buffer overflow where an attacker can exploit this flaw to execute arbitrary code. All of the Exim RPMs that ATrpms.net currently has posted include this security flaw.

Are there any plans to update Exim anytime soon to address this security flaw? Specifically, are there any plans to post Exim 4.80.1 RPMs any time soon?

Many thanks in advance for your reply!

Gordon

On 10/26/2012 09:25 AM, Gordon Dickens wrote:

As an FYI, the Exim developers released Exim 4.80.1 today which is a critical security release addressing a remote code execution flaw in Exim versions between 4.70 and 4.80 inclusive.

The release announcement is here:

https://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html"]https://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html

I hope that the atrpms folks will be able to post new Exim rpm files soon.

Thanks!

Gordon

_______________________________________________ atrpms-users mailing list atrpms-users@atrpms.net http://lists.atrpms.net/mailman/listinfo/atrpms-users"]http://lists.atrpms.net/mailman/listinfo/atrpms-users