I know, it's a Friday. Well, read on, you *should* be able to enjoy the weekend still.

We're going to release Exim 4.74 shortly. It contains another security fix, but one which should not be an issue *on its own*. This will be for CVE-2011-0017.

The problem does not grant remote access. But, if an attacker can get to run code as the Exim run-time user (as they could before 4.70), then this is another way that they could escalate privileges to root.

Because there's no known way to get to the Exim run-time user, we're treating this as serious but not critical. As such, we are including other changes in this release, as we normally do. This includes fixes to let /dev/null be used as a config file and other clean-ups there.

Also, this release includes changes to let lookups be dynamically loaded by Exim, so that library dependencies can be constrained to .so files. This is known to work on Linux and FreeBSD. This is primarily intended for use by OS packagers, since if you're building your own Exim you should know which libraries you need and it will be faster to not have to repeatedly load modules.

While this dynamic module support is mostly the same as the patches which have been used for some time by some OS packagers, there is an ABI change, so modules from previous patched Exim builds will not work with this, the first "official" support of dynamically loaded modules.

Regards,
-Phil
