A critical vulnerability in Exim mail servers allows a remote attacker to trigger denial of service and achieve remote code execution. The flaw specifically impacts Exim versions 4.97 through 4.99.2, but only in builds compiled with the USE_GNUTLS=yes configuration flag; builds using OpenSSL are unaffected. The solution is to update to Exim version 4.99.3.
A vulnerability has been identified in Exim. A remote attacker could exploit this vulnerability to trigger denial of service condition and remote code execution on the targeted system. Impact Remote Code Execution Denial of Service System / Technologies affected All Exim versions from 4.97 up to and including 4.99.2 are affected. This vulnerability only impacts builds that use USE_GNUTLS=yes. Builds using OpenSSL or other TLS libraries are not affected. Solutions Before installation of the software, please visit the vendor web-site for more details. Update to Exim version 4.99.3