A vulnerability in Exim could allow a remote attacker to execute arbitrary commands.
|Package||mail-mta/exim on all architectures|
|Affected versions||< 4.92|
|Unaffected versions||>= 4.92|
Exim is a message transfer agent (MTA) designed to be a a highly configurable, drop-in replacement for sendmail.
A vulnerability was discovered in how Exim validates recipient addresses in the deliver_message() function.
A remote attacker could execute arbitrary commands by sending an email with a specially crafted recipient address to the affected system.
There is no known workaround at this time.
All Exim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=mail-mta/exim-4.92"
June 06, 2019
June 06, 2019: 1