Hello Linux users,
The open-source security community has been shaken by the discovery of over 30 vulnerabilities in the widely used Exim mail transfer agent. A critical SMTP flaw enables attackers to exploit SMTP smuggling to inject malicious commands into email content. This could result in unauthorized system access and service disruption, threatening data security and service integrity.
Read on to learn if you are impacted, how to check if your version of Exim is vulnerable, and how to secure your systems against these critical vulnerabilities. You’ll also get updates on other issues affecting your open-source programs and applications that threaten your sensitive data and system security.
If you gained valuable information from reading today’s newsletter, please share it with a fellow security geek. Do you have a Linux security-related topic you'd like to cover for our audience? We welcome contributions from passionate, insightful community members who share our love for Linux and security!
Stay safe out there,
EximThe DiscoveryRecently, over 30 vulnerabilities have been found in the widely used Exim mail transfer agent, including a critical SMTP flaw that enables attackers to exploit SMTP smuggling to inject malicious commands into email content. |
OpenSSHThe DiscoveryHave you updated it to fix the recently discovered OpenSSH RCE bug dubbed "regreSSHion" (CVE-2024-6387)? This vulnerability enables an unauthenticated attacker to gain root-level code execution without authentication, rendering this race condition especially severe given SSH's root-level access capabilities. |
PHPThe DiscoveryThreat actors continue to exploit a PHP code execution vulnerability to spread TellYouThePass ransomware. This flaw impacts PHP versions 8.1, before 8.1.29, 8.2, before 8.2.20, and 8.3. before 8.3.8. |
