Hey Community,
As per CVE-2018-6789: An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
Sophos UTM 9 uses Exim for SMTP and has developed a patch for this issue.
A prefix patch is now available. Customers who want this patch should contact Sophos Support. The official release with the patch is expected next week as a Soft Release and a GA release will be made soon after.
Please see this KBA for more info.
Regards,
FloSupport | Community Support Engineer