New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 7.4
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update to exim 4.86.2 fixes the following issues :
- CVE-2016-1531: local privilege escalation for set-uid root exim when using 'perl_startup' (boo#968844)
Important: Exim now cleans the complete execution environment by default. This affects Exim and subprocesses such as transports calling other programs. The following new options are supported to adjust this behaviour :
- add_environment A warning will be printed upon startup if none of these are configured.
Also includes upstream changes, improvements and bug fixes :
- Support for using the system standard CA bundle.
- New expansion items $config_file, $config_dir, containing the file and directory name of the main configuration file. Also $exim_version.
- New 'malware=' support for Avast.
- New 'spam=' variant option for Rspamd.
- Assorted options on malware= and spam= scanners.
- A commandline option to write a comment into the logfile.
- A logging option for slow DNS lookups.
- New $(env (<variable>)) expansion.
- A non-SMTP authenticator using information from TLS client certificates.
- Main option 'tls_eccurve' for selecting an Elliptic Curve for TLS.
- Main option 'dns_trust_aa' for trusting your local nameserver at the same level as DNSSEC.
SolutionUpdate the affected exim packages.