CVE-2019-10149 - Vulnerability Exim 4.87 to 4.91

  • Tuesday, 11th June, 2019
  • 21:33pm

We received a report of a possible remote exploit. Currently there is evidence of an active use of this exploit.

A patch exists already, is being tested, and backported to all versions we released since (and including) 4.87.

The severity depends on your configuration. It depends on how close to the standard configuration your Exim runtime configuration is. The closer the better.

Exim 4.92 is not vulnerable.

Please contact us to fix your system as soon as possible!