Exim prior to 4.87.1 might allow remote malicious users to obtain the private DKIM signing key via vectors related to log files and bounce messages.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
exim exim |
||
canonical ubuntu linux 16.10 |
||
canonical ubuntu linux 12.04 |
||
canonical ubuntu linux 16.04 |
||
canonical ubuntu linux 14.04 |
||
debian debian linux 8.0 |
Code release for info-leak bug brought forward
Updated An information-leaking security hole in widely used email agent Exim – scheduled for repair on Christmas Day – may now be publicly patched earlier, possibly as soon as Friday. System administrators were stunned by the suggestion that a patch for the vulnerability would be released on December 25 when pretty much everyone working in IT will have the day off. An Exim maintainer, Heiko Schlittermann, admitted the timing of the release wasn’t ideal and suggested that holding up the rel...