A fix has been issued for a critical flaw in the Exim email server software. The flaw could cause servers to crash or allow remote code execution attacks. Exim is the most used mail transfer agent globally and has over five million internet-facing hosts. This specific flaw (CVE-2019-16928) is a heap-based overflow vulnerability. According to Exim's advisory, no mitigation exists other than updating the server. Earlier in September, researchers urged users to upgrade their Exim servers immediately after millions of servers were found to be vulnerable.
Source: https://threatpost.com/critical-exim-flaw-opens-servers-to-remote-code-execution/148773/

