[exim-announce] Security update: Exim 4.90.1 released (CVE-…

Top Page
Delete this message
Reply to this message
Author: Heiko Schlittermann
Date:  
To: exim-announce
Subject: [exim-announce] Security update: Exim 4.90.1 released (CVE-2018-6789)
We released Exim 4.90.1 just now.
---------------------------------

This is mainly a security release to fix CVE-2018-6789, a buffer
overflow in base64d(). Please update your systems to 4.90.1. The
reporter of the bug claims to have a working exploit. See
http://exim.org/static/doc/security/CVE-2018-6789.txt for the timeline.

This release contains some other important bug fixes since 4.90, but no
additional features. Please see the ChangeLog
ftp://ftp.exim.org/pub/exim/exim4/ChangeLog

The Distros should have built packages already.

The sources can be obtained directly from the Git repos

    git://git.exim.org/exim.git     tag: exim-4_90_1
    git://git.exim.org/exim.git     tag: exim-4_90_1


The tag is signed with my GPG key¹.

Alternativly you may fetch the tarballs from the mirrors listed
on 
    https://www.exim.org/mirmon/ftp_mirrors.html


or directly from

      ftp://ftp.exim.org/pub/exim/exim4/
    https://ftp.exim.org/pub/exim/exim4/


The tarballs are signed with my GPG key¹. Next to the tarballs you will
find a sha512sum.txt, in case you are happy with simple integrity check
only.

¹) If you get a "key expired" message, please refresh my key from
the public keyservers.

Thank you for using Exim.

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -