Synopsis:	Moderate: exim security update
Issue date:	2011-01-17
CVE Names:	CVE-2010-4345

A privilege escalation flaw was discovered in Exim. If an attacker were
able to gain access to the "exim" user (the unprivileged account the
daemon runs as), they could make Exim re-execute with a configuration
file or macro definition under their control and so cause Exim to run
arbitrary commands as the root user. (CVE-2010-4345)

This update adds a new configuration file, "/etc/exim/trusted-configs".
To prevent Exim from running arbitrary commands as root, Exim will now
drop root privileges when run with a configuration file that is not
listed in that file. This can break backwards compatibility with some
Exim setups, because trusted-configs only lists "/etc/exim/exim.conf"
and "/etc/exim/exim4.conf" by default. If you start Exim with a
configuration file that is not listed there, you will need to add its
full path to trusted-configs manually, or Exim will drop privileges and
root-only operations (local delivery as other users, for example) will
fail.
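The following POSIX shell snippet is an added example, not code from the advisory or from the exim package. It checks whether a given configuration file is listed in trusted-configs and appends it if not, refusing to trust a file that is writable by group or others, since a config the "exim" user can modify would hand it root again through exactly the path this update closes. The default list path is the one the advisory names; the second argument exists so the functions can be exercised against a scratch copy.

```shell
#!/bin/sh
# Added example: manage /etc/exim/trusted-configs after this update.
# config_is_trusted CFG [LIST]   -> 0 if CFG is listed as an exact line
# trust_config CFG [LIST]        -> 0 if CFG ends up trusted, 1 otherwise
# LIST defaults to /etc/exim/trusted-configs (the file named in the advisory).

# Return 0 if $1 appears as a whole line in the trusted-configs file $2.
config_is_trusted() {
    cfg=$1
    list=${2:-/etc/exim/trusted-configs}
    [ -r "$list" ] && grep -Fxq -- "$cfg" "$list"
}

# Return 0 if $1 is writable by group or others. Trusting such a file would
# let anyone in that group (or anyone at all) run commands as root via Exim.
# Uses the permission string from "ls -ld" (portable: no GNU stat needed):
# column 6 is the group write bit, column 9 the "other" write bit.
config_is_loosely_writable() {
    mode=$(ls -ld -- "$1" | cut -c1-10)
    case "$mode" in
        ?????w*|????????w?) return 0 ;;
    esac
    return 1
}

# Append $1 to the trusted list $2 unless it is already there or unsafe.
trust_config() {
    cfg=$1
    list=${2:-/etc/exim/trusted-configs}
    if [ ! -f "$cfg" ]; then
        echo "trust_config: no such configuration file: $cfg" >&2
        return 1
    fi
    if config_is_loosely_writable "$cfg"; then
        echo "trust_config: refusing to trust $cfg: writable by group/other" >&2
        return 1
    fi
    # Already listed: nothing to do.
    config_is_trusted "$cfg" "$list" && return 0
    printf '%s\n' "$cfg" >> "$list"
}

# Stand-alone use: trust_config.sh /etc/exim/my-other.conf
if [ $# -gt 0 ]; then
    trust_config "$@"
fi
```

The mode check is only half of the story: a configuration file owned by the "exim" user is writable by that user regardless of its mode bits, so anything you add to trusted-configs should be owned by root as well. Run the script as root, since trusted-configs itself must not be writable by the exim user either.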

Additionally, Exim will no longer keep root privileges when it is invoked
with the -D command line option, which overrides macro definitions from
the command line. Any macro definition that must take effect while Exim
is running as root now has to reside in a trusted configuration file
rather than being supplied with -D.

After installing this update, the exim daemon will be restarted 
automatically.

SL 4.x

      SRPMS:
exim-4.43-1.RHEL4.5.el4_8.3.src.rpm
      i386:
exim-4.43-1.RHEL4.5.el4_8.3.i386.rpm
exim-doc-4.43-1.RHEL4.5.el4_8.3.i386.rpm
exim-mon-4.43-1.RHEL4.5.el4_8.3.i386.rpm
exim-sa-4.43-1.RHEL4.5.el4_8.3.i386.rpm
      x86_64:
exim-4.43-1.RHEL4.5.el4_8.3.x86_64.rpm
exim-doc-4.43-1.RHEL4.5.el4_8.3.x86_64.rpm
exim-mon-4.43-1.RHEL4.5.el4_8.3.x86_64.rpm
exim-sa-4.43-1.RHEL4.5.el4_8.3.x86_64.rpm

SL 5.x

      SRPMS:
exim-4.63-5.el5_6.2.src.rpm
      i386:
exim-4.63-5.el5_6.2.i386.rpm
exim-mon-4.63-5.el5_6.2.i386.rpm
exim-sa-4.63-5.el5_6.2.i386.rpm
      x86_64:
exim-4.63-5.el5_6.2.x86_64.rpm
exim-mon-4.63-5.el5_6.2.x86_64.rpm
exim-sa-4.63-5.el5_6.2.x86_64.rpm

-Connie Sieh
-Troy Dawson