[exim] is exim affected by this ssl vulnerability?

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M 
Mike Cardwell at ->
Delete this message
Reply to this message
Author: Dave Lugo
Date:  
To: exim-users
Subject: [exim] is exim affected by this ssl vulnerability?
Hi,

Re this:

A vulnerability has been discovered in the TLS server extension parsing of
OpenSSL. Remote attackers may be able to trigger a race condition in
multithreaded applications that use OpenSSL resulting in arbitrary code
execution. To be susceptible, the application must use OpenSSL's internal
caching mechanism. Apache and Stunnel are mentioned as two popular OpenSSL
applications that are not affected by this vulnerability. We encourage
customers to obtain updates from their respective distributions.

Source:

http://openssl.org/news/secadv_20101116.txt
http://www.theregister.co.uk/2010/11/16/openssl_security_fix/

Thanks,

Dave 

-- 
--------------------------------------------------------
  Dave Lugo     dlugo@???      No spam, thanks.
  Are you the police?  . . .  No ma'am, we're sysadmins.
--------------------------------------------------------


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Parlez-vous Exim avec Mailman - ACL clarification soughtRe: [exim] is exim affected by this ssl vulnerability?->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)