Qualys has put out an advisory on a vulnerability in the Exim mail transfer agent, versions 4.87 through 4.91; it allows for easy command execution by a local attacker and remote execution in some scenarios. "To remotely exploit this vulnerability in the default configuration, an attacker must keep a connection to the vulnerable server open for 7 days (by transmitting one byte every few minutes). However, because of the extreme complexity of Exim's code, we cannot guarantee that this exploitation method is unique; faster methods may exist." Sites running Exim should upgrade to 4.92 if they have not already.