Exim 4.92.1 update with a vulnerability fix

An unscheduled release of the Exim mail server, Exim 4.92.1, has been published. It eliminates a critical vulnerability (CVE-2019-13917) that allows remote code execution with root privileges if certain specific settings are present in the configuration.

The vulnerability appears starting from release 4.85 when the "${sort}" operator is used in the configuration, if the elements used in the "sort" list can be changed by an attacker (for example, through the $local_part and $domain variables). By default, this operator is not used in the configuration shipped with the base Exim distribution or in the packages for Debian and Ubuntu (and probably in other distributions as well). To check your system for the vulnerability, you can run the command "exim -bP config | grep sort".
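
A plain text search for "sort" in the output of `exim -bP config` also matches router names and comments that merely contain the word. As an added example (not from the original article or the Exim project), the shell function below reports only actual `${sort{` expansions and marks the lines that also reference `$local_part` or `$domain`; the names `find_sort_usage` and `sample_config` and the sample configuration are constructed for illustration, and the per-line match is a heuristic that assumes the variable appears on the same line as the operator.

```shell
#!/bin/sh
# Added example: locate real ${sort{...}} expansions in an Exim configuration dump.
# Usage on a live host:  exim -bP config | find_sort_usage

# Reads configuration text on stdin and prints one line per ${sort{ use:
#   RISK N: ...   the line also references $local_part or $domain
#   CHECK N: ...  no such reference on that line; review the list by hand
# Exit status is 0 when at least one use was found, 1 when none was.
find_sort_usage() {
    awk '
        /[$][{]sort[ \t]*[{]/ {
            found = 1
            tag = ($0 ~ /[$][{]?(local_part|domain)/) ? "RISK" : "CHECK"
            printf "%s %d: %s\n", tag, NR, $0
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample configuration (not taken from a real host).
sample_config() {
    cat <<'EOF'
# constructed sample configuration
primary_hostname = mail.example.org
begin routers
sorted_static:
  driver = redirect
  data = ${sort{3:2:1}{<}{$item}}
sorted_rcpt:
  driver = redirect
  data = ${sort{$local_part:$domain}{<}{$item}}
unrelated:
  driver = accept
  headers_add = X-Note: resorted by filter
EOF
}

# Demonstration on the constructed sample; a plain "grep sort" would also
# report lines 4, 7 and 12, which contain no ${sort} expansion.
sample_config | find_sort_usage || true
```

A `CHECK` line is not a clean result: the list may still be built from attacker-influenced data through another variable or a lookup, so each reported expansion needs a manual look.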

Updates fixing the vulnerability have already been released for Debian and Ubuntu. Updates have not yet been prepared for SUSE, Fedora, FreeBSD and Arch Linux. RHEL and CentOS are not affected by the problem, since Exim is not included in their standard package repositories (if needed, it is installed from the EPEL repository).

source: budenet.ru
