Re: [exim] Security release for CVE-2016-1531: 4.84.2, 4.85.…

Top Page

Reply to this message
Author: Heiko Schlittermann
Date:  
To: Dean Brooks
CC: 'Exim-Users'
Subject: Re: [exim] Security release for CVE-2016-1531: 4.84.2, 4.85.2, 4.86.2, 4.87 RC5
Dean Brooks <deanbrooks@???> (Do 03 Mär 2016 04:41:50 CET):
> So, um, this is going to blow up into a thing pretty quickly.
>
> Are there *no* workarounds for the root escalation issue if perl_startup is in use, other than upgrading? Is there any sort of way to mitigate this issue, even temporarily through any sort of configuration?
>


Hm, can't you build any new version of Exim, or can't you build one of
the versions we support?

Please tell me, if you need help for any older version.

As a temporary counter measuer you may remove the setuid-root bit from
the binary.

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -