Multiple vulnerabilities have been found in Exim, the worst of which allows remote attackers to execute arbitrary code.
|Package||mail-mta/exim on all architectures|
|Affected versions||< 4.90.1|
|Unaffected versions||>= 4.90.1|
Exim is a message transfer agent (MTA) designed to be a a highly configurable, drop-in replacement for sendmail.
Multiple vulnerabilities have been discovered in Exim. Please review the CVE identifiers referenced below for details.
A remote attacker, by connecting to the SMTP listener daemon, could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.
There is no known workaround at this time.
All Exim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=mail-mta/exim-4.90.1"