Gentoo Linux Security Advisory 201607-12 - A local attacker could execute arbitrary code by providing unsanitized data to a data source or escalate privileges. Versions less than 4.87 are affected.
22534b373f0d93237acf41108fb6a56ff906ad77fd8c5a9ae003dd2dc9682857Ubuntu Security Notice 2933-1 - It was discovered that Exim incorrectly filtered environment variables when used with the perl_startup configuration option. If the perl_startup option was enabled, a local attacker could use this issue to escalate their privileges to the root user. This issue has been fixed by having Exim clean the complete execution environment by default on startup, including any subprocesses such as transports that call other programs. This change in behaviour may break existing installations and can be adjusted by using two new configuration options, keep_environment and add_environment. Various other issues were also addressed.
4d1c0664786aa724ab53583f3fef9a7abd6f25ae6008251ecde90b82fec34351
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed