Arch Linux Security Advisory ASA-201603-8 ========================================= Severity: High Date : 2016-03-10 CVE-ID : CVE-2016-1531 Package : exim Type : privilege escalation Remote : No Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package exim before version 4.86.2-2 is vulnerable to privilege escalation. Resolution ========== Upgrade to 4.86.2-2. # pacman -Syu "exim>=4.86.2-2" The problem has been fixed upstream in version 4.86.2. Workaround ========== None. Description =========== All installations having Exim set-uid root and using 'perl_startup' are vulnerable to a local privilege escalation. Any user who can start an instance of Exim (and this is normally *any* user) can gain root privileges. Impact ====== A local attacker is able to use a privilege escalation vulnerability to gain root privileges. References ========== http://www.exim.org/static/doc/CVE-2016-1531.txt https://access.redhat.com/security/cve/CVE-2016-1531