Critical hole in the Exim Mail server

"A missing format specification in a logging function of the free Mail
Transfer Agent Exim has been identified by the developers as offering an
attacker a chance to execute arbitrary code on the server. The particular
line of code wrote a string directly to the logfile. An attacker could
exploit this by adding particular formatting instructions into the DKIM
information string in an incoming email which would allow them to inject
their own code and run it with the rights of the mail server. Although no
exploit is known to exist, the developers believe that an experienced
attacker would not find an exploit hard to construct."
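
The bug class the report describes, shown as an added example (not Exim's code and not part of the quoted report): a logging call that uses untrusted text as the format string, next to the corrected call with a constant format. `demo_log`, `log_dkim_unsafe`, `log_dkim_safe` and the sample string are hypothetical names and constructed data.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for an MTA logging routine: printf-style, but it
   writes into a buffer instead of a log file so the result can be checked. */
static int demo_log(char *out, size_t n, const char *format, ...)
{
    va_list ap;
    va_start(ap, format);
    int len = vsnprintf(out, n, format, ap);
    va_end(ap);
    return len;
}

/* Vulnerable pattern: the untrusted header value IS the format string,
   so any directive inside it is interpreted by the formatter. */
int log_dkim_unsafe(char *out, size_t n, const char *dkim_info)
{
    return demo_log(out, n, dkim_info);
}

/* Fixed pattern: constant format, untrusted value passed only as data. */
int log_dkim_safe(char *out, size_t n, const char *dkim_info)
{
    return demo_log(out, n, "%s", dkim_info);
}

/* Constructed sample. It contains only "%%", the one directive that consumes
   no argument, so the unsafe call stays well-defined here; any other
   directive would make vsnprintf fetch arguments that were never passed. */
static const char SAMPLE[] = "DKIM: d=example.test s=sel%%1 [verification failed]";

int main(void)
{
    char a[128], b[128];
    log_dkim_unsafe(a, sizeof a, SAMPLE);  /* directive interpreted: "sel%1" */
    log_dkim_safe(b, sizeof b, SAMPLE);    /* logged verbatim: "sel%%1" */
    printf("unsafe: %s\nsafe:   %s\n", a, b);
    return strcmp(b, SAMPLE) != 0;
}
```

Declaring the logging function with GCC's or Clang's `format(printf, ...)` attribute and building with `-Wformat -Wformat-security` makes the compiler flag calls of the unsafe shape.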