Hi, Re this:
A vulnerability has been discovered in the TLS server extension parsing of OpenSSL. Remote attackers may be able to trigger a race condition in multithreaded applications that use OpenSSL resulting in arbitrary code execution. To be susceptible, the application must use OpenSSL's internal caching mechanism. Apache and Stunnel are mentioned as two popular OpenSSL applications that are not affected by this vulnerability. We encourage customers to obtain updates from their respective distributions. Source: http://openssl.org/news/secadv_20101116.txt http://www.theregister.co.uk/2010/11/16/openssl_security_fix/ Thanks, Dave -- -------------------------------------------------------- Dave Lugo [email protected] No spam, thanks. Are you the police? . . . No ma'am, we're sysadmins. -------------------------------------------------------- -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
