Re: [exim] CVE-2017-16943, CVE-2017-16944

Top Page
Delete this message
Reply to this message
Author: Paul Ooi Cong Jen
Date:  
To: exim-users
Subject: Re: [exim] CVE-2017-16943, CVE-2017-16944
Yay, Patched in FreeBSD Machines ;) 4.89_2

CentOS on 4.81 #1

Thanks to the community members!

--
Paul

On 29/11/2017 05:55, Heiko Schlittermann via Exim-users wrote:
> Both issues are fixed now.
>
>      CVE-2017-16943  (RCE)       Exim Bug 2199
>          master:             4e6ae6235c68de243b1c2419027472d7659aa2b4
>          exim-4_89+fixes:    4090d62a4b25782129cc1643596dc2f6e8f63bde
>      Fix done by Jeremy Harris

>
>
>      CVE-2017-16944  (DoS)       Exim Bug 2201
>          master:             178ecb70987f024f0e775d87c2f8b2cf587dd542
>          exim-4_89+fixes:    4804c62909a62a3ac12ec4777ebd48c541028965
>      Fix done by me.

>
> We'll prepare a 4.89.1 release including these two fixes,
> even though 4.90 is quite close.
>
> If you can't update now, you should disable the chunking extension.
>      chunking_advertise_hosts =

>
> Distros are advised to include these commits.
>
>
>      Best regards from Dresden/Germany
>      Viele Grüße aus Dresden
>      Heiko Schlittermann

>
>
>