cPanel Exim Vulnerability Report

[chuvadenovembro]

Recebi hoje esse email do cpanel

Citar

Hello,

 

Zero Day Initiative (ZDI) has recently disclosed the latest vulnerabilities in the widely-used Exim mail server.

• CVE-2023-42115: Exim addressed issues specific to external authentication.
• CVE-2023-42114 & CVE-2023-42116: Exim fixed vulnerabilities related to SPA (Secure Password Authentication) and NTLM (NT LAN Manager).
• CVE-2023-42117: Known defect related to proxy protocol usage in Exim. This only poses a risk if your mail traffic is being proxied to your server, and the proxy is untrusted. We recommend verifying the trustworthiness of your proxy.
• CVE-2023-42118: A vulnerability related to libspf2 has been patched by cPanel to protect against integer underflow. However, due to limited details in ZDI’s reports, the exact nature of the problem remains unknown.
• CVE-2023-42119: Issue related to dnsdb. If you have manually added a dnsdb configuration in any version of cPanel & WHM, please review your settings.

 

Based on our latest risk assessment and understanding of the defect reports, no further action or change is required from your side.

We continue to prioritize the safety of your hosting environment. For more information, please read the latest cPanel Vulnerability Report.

 

If you have any questions or require further assistance, please don't hesitate to contact us.

 

Thank you for your attention,
The cPanel Team

 

[DELTA SERVERS]

Boa tarde,
 

Recebemos, acabamos agora de analisar esses relatos deles e atualizamos diversos servidores.