On 03/01/2011 13:47, Dave Lugo wrote: > A vulnerability has been discovered in the TLS server extension parsing of > OpenSSL. Remote attackers may be able to trigger a race condition in > multithreaded applications that use OpenSSL resulting in arbitrary code > execution. To be susceptible, the application must use OpenSSL's internal > caching mechanism. Apache and Stunnel are mentioned as two popular OpenSSL > applications that are not affected by this vulnerability. We encourage > customers to obtain updates from their respective distributions. > > Source: > > http://openssl.org/news/secadv_20101116.txt > http://www.theregister.co.uk/2010/11/16/openssl_security_fix/
I wouldn't have thought so. Exim isn't a multi-threaded application. -- Mike Cardwell https://secure.grepular.com/ https://twitter.com/mickeyc Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
