CentOS Update for exim CESA-2011:0153 centos4 i386

Solution
Please Install the Updated Packages.
Insight
Exim is a mail transport agent (MTA) developed at the University of Cambridge for use on UNIX systems connected to the Internet. A privilege escalation flaw was discovered in Exim. If an attacker were able to gain access to the &quot exim&quot user, they could cause Exim to execute arbitrary commands as the root user. (CVE-2010-4345) This update adds a new configuration file, &quot /etc/exim/trusted-configs&quot . To prevent Exim from running arbitrary commands as root, Exim will now drop privileges when run with a configuration file not listed as trusted. This could break backwards compatibility with some Exim configurations, as the trusted-configs file only trusts &quot /etc/exim/exim.conf&quot and &quot /etc/exim/exim4.conf&quot by default. If you are using a configuration file not listed in the new trusted-configs file, you will need to add it manually. Additionally, Exim will no longer allow a user to execute exim as root with the -D command line option to override macro definitions. All macro definitions that require root permissions must now reside in a trusted configuration file. Users of Exim are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the exim daemon will be restarted automatically.
Affected
exim on CentOS 4
References