Exim schedules information leak fix for this Christmas



Exim, a popular mail transfer agent on Unix-like platforms, is all set to receive the fix for an information leakage vulnerability on this Christmas. The issue was well-reported on December 15, but it has been taking ten days to patch the security hole.

“We’re addicted to high-quality software. And we can’t celebrate any holiday while knowing that there are systems outside, that may leak private information,” Exim maintainer Heiko Schlittermann writes in a community email.

Dubbed as CVE-2016-9963, the vulnerability is so far unknown to Linux administrators. However, Schlittermann in a separate email revealed that it could enable attackers to gain a backdoor access to private information remotely. “If several conditions are met, Exim leaks private information to a remote attacker,” he stated.

The team led by Schlittermann received the vulnerability report on December 15 and requested the CVE on December 16. The fix was also released in merely seven days after some developers started testing its presence and passed all the traditional tests on January 18. But its final presence is taking seven days to reach the masses on December 25.

Developers and Linux administrators can access the improved Exim from its official public Git repository. It is recommended to be installed even on the systems that have the most preceding, Exim 4.87.


Please enter your comment!
Please enter your name here