[exim-dev] [Bug 1580] 【remote exec vulnerability】

[Jeremy Harris]

--- You are receiving this mail because: ---
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=1580

Jeremy Harris jgh146...@wizmail.org changed:

   What|Removed |Added

 CC||jgh146...@wizmail.org
 Status|NEW |RESOLVED
 Resolution||INVALID




--- Comment #1 from Jeremy Harris jgh146...@wizmail.org  2015-01-28 15:39:12 
---
Update your glibc.  This is not an Exim bug.


-- 
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim 
details at http://www.exim.org/ ##

[exim-dev] [Bug 1580] 【remote exec vulnerability】

[Phil Pennock]

--- You are receiving this mail because: ---
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=1580




--- Comment #2 from Phil Pennock p...@exim.org  2015-01-28 18:54:16 ---
In particular, for the record so that folks know why this is being dismissed so
readily:

http://www.openwall.com/lists/oss-security/2015/01/27/9

http://arstechnica.com/security/2015/01/highly-critical-ghost-allowing-code-execution-affects-most-linux-systems/

Also, there is an Exim-Announce mail warning of the issue and including
mitigation factors which can be applied, as exposing this vulnerability
requires turning on specific Exim configuration options, so turning them off
again will help; see:

https://lists.exim.org/lurker/message/20150127.200135.056f32f2.en.html
http://permalink.gmane.org/gmane.mail.exim.announce/162
(same post, two different archives)


-- 
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim 
details at http://www.exim.org/ ##