A few days ago, a critical security vulnerability in the Exim e-mail application was made public. It affects versions 4.87 to 4.91.
Referenced as “CVE-2019-10149”, this vulnerability allows remote code execution on the server.
What are the risks if you do nothing?
This critical flaw allows a third party to take control of a vulnerable server through the Exim application, remotely and without authentication. All data and applications hosted on that server could be compromised.
What can you do about it?
Various Linux distributions have already published an update. We strongly recommend that you apply it as soon as possible to your servers that use the Exim versions listed above.
To do this, simply launch an update of your packages and make sure that the system is up to date.
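To find out whether a server falls in the version range named above, the following sketch (an added example, not code from Exim or from this advisory) classifies the first line printed by `exim -bV`. The function names are hypothetical, the sample banner is constructed, and the binary is assumed to be called `exim`. A distribution may ship the fix without changing the upstream version number, so a result inside the range means you should confirm that the updated package is installed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of Exim.

# Pull "major.minor" out of a banner line as printed by `exim -bV`, e.g.
#   Exim version 4.91 #3 built 01-Jan-2019 00:00:00   (constructed sample)
exim_banner_version() {
    printf '%s\n' "$1" |
        sed -n 's/^Exim version \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# Exit status: 0 = inside 4.87..4.91, 1 = outside, 2 = not a version string.
exim_in_affected_range() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}              # drop suffixes such as "_1" or ".1"
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    [ "$1" != "$major" ] || return 2    # input had no dot at all
    if [ "$major" -eq 4 ] && [ "$minor" -ge 87 ] && [ "$minor" -le 91 ]; then
        return 0
    fi
    return 1
}

# Print a one-line verdict for a banner line; always returns 0.
exim_check_banner() {
    ver=$(exim_banner_version "$1")
    rc=0
    exim_in_affected_range "$ver" || rc=$?
    case $rc in
        0) echo "affected-range $ver" ;;   # verify the patched package is installed
        1) echo "outside-range $ver" ;;
        *) echo "unknown" ;;
    esac
}

# Check the local binary when one is present on this host.
if command -v exim >/dev/null 2>&1; then
    exim_check_banner "$(exim -bV 2>/dev/null | head -n 1)"
fi
```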
Exim’s contributors have published a short note that you can find here: