Raju Mathur rearranged electrons thusly:
> BUGTRAQ just reported a format string vulnerability in Exim (version
> unspecified) which crops up if you have the headers_check_syntax
> option enabled in exim.conf. Most Exim installations do NOT have this
> option enabled by default and hence are secure (from this bug at
> least).

There appear to be other issues with Exim 3.22 (such as random junk files in
the spool, containing parts of syslog, fragments of messages and such),
currently observed only on Solaris (when compiled with gcc). There are also
some reports of Exim 3.22 segfaulting under FreeBSD 4.x (though not dumping
core as it is setuid).

No problems reported as yet on Linux - and just about all these occur under
rather high (several thousands a day) load conditions.

Philip Hazel, the author of Exim, seems to be traveling somewhere, but a
patch is being worked on by quite a few people (Nigel Metheringham, Yann
Golanski, etc.).

-suresh
--
Suresh Ramasubramanian <--> mallet <at> efn <dot> org
EMail Sturmbannfuhrer, Lower Middle Class Unix Sysadmin
_______________________________________________
linux-india-help mailing list
http://lists.sourceforge.net/lists/listinfo/linux-india-help