Please Install the Updated Packages.

Exim is a mail transport agent (MTA) developed at the University of Cambridge for use on UNIX systems connected to the Internet. A privilege escalation flaw was discovered in Exim. If an attacker were able to gain access to the &quot exim&quot user, they could cause Exim to execute arbitrary commands as the root user. (CVE-2010-4345) This update adds a new configuration file, &quot /etc/exim/trusted-configs&quot . To prevent Exim from running arbitrary commands as root, Exim will now drop privileges when run with a configuration file not listed as trusted. This could break backwards compatibility with some Exim configurations, as the trusted-configs file only trusts &quot /etc/exim/exim.conf&quot and &quot /etc/exim/exim4.conf&quot by default. If you are using a configuration file not listed in the new trusted-configs file, you will need to add it manually. Additionally, Exim will no longer allow a user to execute exim as root with the -D command line option to override macro definitions. All macro definitions that require root permissions must now reside in a trusted configuration file. Users of Exim are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the exim daemon will be restarted automatically.

exim on CentOS 4

• http://lists.centos.org/pipermail/centos-announce/2011-January/017244.html

---

Updated on 2015-03-25