Half of Exim mail transfer agent zero-days addressed

Three of six zero-day flaws in the Exim mail transfer agent have been fixed with the release of new security patches, reports BleepingComputer. Included in the addressed vulnerabilities are an out-of-bounds write bug, tracked as CVE-2023-42115, which could be leveraged for remote code execution; another remote code execution flaw, tracked as CVE-2023-42114; and an information disclosure issue, tracked as CVE-2023-42116. Despite the critical severity of CVE-2023-42115, extensive configuration requirements needed to leverage the flaw limits exploitation. "Most of us don't need to worry. If you're one of the unlucky ones who uses one of the listed features though, you'll be keen to get more information before undertaking ZDI's advice to 'restrict interaction with the application.' So, our advice is the usual - patch when you can, once patches are available [..] But in the meantime, don't panic - this one is more of a damp squib than a world-ending catastrophe," said watchTowr Labs researcher Aliz Hammond.