Navigation
Search
|
Multiple Exim security vulnerabilities disclosed
Saturday September 30, 2023. 04:22 PM , from LWN.net
The 'Zero Day Initiative' site has posted a number of advisories (1, 2, 3, 4, 5, 6)
describing a number of flaws in the Exim mail server, some of which are exploitable remotely. These problems, allegedly, were first reported to the project in June 2022, well over one year ago. There is some disagreement over the timing of events, with Exim developer Heiko Schlittermann claiming that no actual information was received until last May, and an anonymous ZDI representative disputing that story. Either way, the vulnerabilities are now disclosed, but patches are not yet on offer; Schlittermann said that 'Fixes are available in a protected repository and are ready to be applied by the distribution maintainers', so hopefully that situation will change soon.
https://lwn.net/Articles/946004/
|
25 sources
Current Date
May, Sat 4 - 06:42 CEST
|