Jeremy Harris

**Name of the Vulnerable Software and Affected Versions** Exim versions 4.85 through 4.92 **Description** The issue is related to errors in handling objects in memory, which can allow an attacker to elevate privileges and execute arbitrary code. This can occur in unusual configurations where the ${sort } expansion is used for items that can be controlled by an attacker, such as $local part or $domain. **Recommendations** For Exim versions 4.85 through 4.92, update to version 4.92.1 to resolve the issue. As a temporary workaround, consider restricting the use of the ${sort } expansion for items that can be controlled by an attacker until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Exim versions prior to 4.87.1 **Description** The issue allows remote attackers to obtain the private DKIM signing key. This is related to vectors involving log files and bounce messages. **Recommendations** For versions prior to 4.87.1, update to version 4.87.1 or later to resolve the issue.