[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Exim CVEs (21Nails)
|
From: |
Taylan Kammer |
|
Subject: |
Re: Exim CVEs (21Nails) |
|
Date: |
Mon, 17 May 2021 17:26:36 +0200 |
|
User-agent: |
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.10.1 |
On 17.05.2021 16:44, Leo Famulari wrote:
> On Mon, May 17, 2021 at 12:10:26PM +0200, Taylan Kammer wrote:
>> Hi Guix people,
>>
>> Just wanted to make sure everyone's aware, since we package Exim:
>>
>> https://blog.qualys.com/vulnerabilities-research/2021/05/04/21nails-multiple-vulnerabilities-in-exim-mail-server
>>
>> "Last fall, the Qualys Research Team engaged in a thorough code audit of Exim
>> and discovered 21 unique vulnerabilities. Ten of these vulnerabilities can be
>> exploited remotely. Some of them leading to provide root privileges on the
>> remote system. And eleven can be exploited locally with most of them can be
>> exploited in either default configuration or in a very common configuration.
>> Some of the vulnerabilities can be chained together to obtain a full remote
>> unauthenticated code execution and gain root privileges on the Exim Server.
>> Most of the vulnerabilities discovered by the Qualys Research Team for e.g.
>> CVE-2020-28017 affects all versions of Exim going back all the way to 2004
>> (going back to the beginning of its Git history 17 years ago)."
>
> Fixed in commit 4ca8a00263 (gnu: Exim: Update to 4.94.2 [security
> fixes].)
>
> https://git.savannah.gnu.org/cgit/guix.git/commit/?id=4ca8a002633f5d5c88c689fd41a686b5cdff33ec
>
On the same day that article was published, neat! :-)
--
Taylan