Re: [exim] Security release for CVE-2016-1531: 4.84.2, 4.85.…

Author: Heiko Schlittermann
To: Dean Brooks
CC: 'Exim-Users'
Subject: Re: [exim] Security release for CVE-2016-1531: 4.84.2, 4.85.2, 4.86.2, 4.87 RC5
Dean Brooks <deanbrooks@???> (Thu 03 Mar 2016 04:41:50 CET):
> So, um, this is going to blow up into a thing pretty quickly.
> Are there *no* workarounds for the root escalation issue if perl_startup is in use, other than upgrading? Is there any sort of way to mitigate this issue, even temporarily through any sort of configuration?

Hm, can't you build any new version of Exim, or can't you build one of
the versions we support?

Please tell me if you need help for any older version.

As a temporary countermeasure you may remove the setuid-root bit from
the binary.

    Best regards from Dresden/Germany
    Many greetings from Dresden
    Heiko Schlittermann
-- ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -