Exim Critical Vulnerability Revealed
A corrective release of Exim 4.92.2 has been published to fix a critical vulnerability (CVE-2019-15846), which in the default configuration can lead to remote code execution by an attacker with root rights. The problem only appears when TLS support is enabled and is exploited by passing a specially designed client certificate or modified value to SNI. The vulnerability was identified by Qualys. The problem is present in the special character escaping handler [...]