ArchLinux: 201603-8: exim: privilege escalation
Summary
All installations where Exim is set-uid root and the 'perl_startup' option is in use are vulnerable to a local privilege escalation. Any user who can start an instance of Exim (and this is normally *any* user) can gain root privileges.
Resolution
Upgrade to 4.86.2-2.
# pacman -Syu "exim>=4.86.2-2"
The problem has been fixed upstream in version 4.86.2.
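To check whether a host meets the conditions described above, the following sketch tests for a set-uid root binary, an active 'perl_startup' line and a package version older than the fixed one. It is an added example, not part of the original advisory; the function names and the config path in the usage comment are assumptions, and GNU `sort -V` stands in for pacman's own `vercmp`.

```shell
#!/bin/sh
# Added example: exposure check for the conditions named in this advisory.
FIXED="4.86.2-2"   # fixed package version, taken from the advisory

# True (0) if the config file sets perl_startup on an uncommented line.
# Caveat: files pulled in with .include are not followed here.
has_perl_startup() {
    grep -Eq '^[[:space:]]*perl_startup[[:space:]]*=' "$1"
}

# True if the file carries the set-uid bit and is owned by root.
is_setuid_root() {
    [ -n "$(find "$1" -maxdepth 0 -perm -4000 -user root 2>/dev/null)" ]
}

# True if version $1 is at least $FIXED (approximated with GNU sort -V).
is_fixed_version() {
    [ "$(printf '%s\n%s\n' "$FIXED" "$1" | sort -V | head -n 1)" = "$FIXED" ]
}

# True only when all three conditions for exposure hold.
# Arguments: exim binary, main config file, installed package version.
exim_exposed() {
    is_setuid_root "$1" && has_perl_startup "$2" && ! is_fixed_version "$3"
}

# Usage on a host (config path is an assumption, adjust to the local layout):
#   exim_exposed "$(command -v exim)" /etc/mail/exim.conf \
#       "$(pacman -Q exim | cut -d' ' -f2)" && echo "exposed: upgrade exim"
```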
References
https://www.exim.org/static/doc/CVE-2016-1531.txt
https://access.redhat.com/security/cve/CVE-2016-1531
Workaround
None.