Abuse Melding

Je hebt een klacht over de onderstaande posting:

01-10-2023, 20:45 door Anoniem

Uitleg van Heiko Schlittermann over onder andere de belangrijke vraag waneer Exim kwetsbaar is en wanneer niet. https://seclists.org/oss-sec/2023/q4/3 Summary ------- Six 0day exploits were filed against Exim. None of these issues is related to transport security (TLS) being on or off. * 3 of them are related to SPA/NTLM, and EXTERNAL auth. If you do not use SPA/NTLM, or EXTERNAL authentication, you're not affected. These issues are fixed. * One issue is related to data received from a proxy-protocol proxy. If you do not use a proxy in front of Exim, you're not affected. If your proxy is trustworthy, you're not affected. We're working on a fix. * One is related to libspf2. If you do not use the `spf` lookup type or the `spf` ACL condition, you are not affected. * The last one is related to DNS lookups. If you use a trustworthy resolver (which does validation of the data it receives), you're not affected. We're working on a fix.

Beschrijf je klacht (Optioneel):

captcha