Re: Exim CVEs (21Nails)

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Exim CVEs (21Nails)

From:	Leo Famulari
Subject:	Re: Exim CVEs (21Nails)
Date:	Mon, 17 May 2021 10:44:31 -0400

On Mon, May 17, 2021 at 12:10:26PM +0200, Taylan Kammer wrote:
> Hi Guix people,
> 
> Just wanted to make sure everyone's aware, since we package Exim:
> 
> https://blog.qualys.com/vulnerabilities-research/2021/05/04/21nails-multiple-vulnerabilities-in-exim-mail-server
> 
> "Last fall, the Qualys Research Team engaged in a thorough code audit of Exim
> and discovered 21 unique vulnerabilities. Ten of these vulnerabilities can be
> exploited remotely. Some of them leading to provide root privileges on the
> remote system. And eleven can be exploited locally with most of them can be
> exploited in either default configuration or in a very common configuration.
> Some of the vulnerabilities can be chained together to obtain a full remote
> unauthenticated code execution and gain root privileges on the Exim Server.
> Most of the vulnerabilities discovered by the Qualys Research Team for e.g.
> CVE-2020-28017 affects all versions of Exim going back all the way to 2004
> (going back to the beginning of its Git history 17 years ago)."

Fixed in commit 4ca8a00263 (gnu: Exim: Update to 4.94.2 [security
fixes].)

https://git.savannah.gnu.org/cgit/guix.git/commit/?id=4ca8a002633f5d5c88c689fd41a686b5cdff33ec

[Prev in Thread]

Current Thread

[Next in Thread]

Exim CVEs (21Nails), Taylan Kammer, 2021/05/17
- Re: Exim CVEs (21Nails), Leo Famulari <=
  - Re: Exim CVEs (21Nails), Taylan Kammer, 2021/05/17
    - Re: Exim CVEs (21Nails), Leo Famulari, 2021/05/17

Prev by Date: Re: GNU Guix 1.4.0 in September? (was: Re: GNU Guix 1.3.0 released)
Next by Date: Re: What’s next?
Previous by thread: Exim CVEs (21Nails)
Next by thread: Re: Exim CVEs (21Nails)
Index(es):
- Date
- Thread