[exim-announce] Security update: Exim 4.90.1 released (CVE-…

Top Page

Reply to this message
Author: Heiko Schlittermann
To: exim-announce
Subject: [exim-announce] Security update: Exim 4.90.1 released (CVE-2018-6789)
We released Exim 4.90.1 just now.

This is mainly a security release to fix CVE-2018-6789, a buffer
overflow in base64d(). Please update your systems to 4.90.1. The
reporter of the bug claims to have a working exploit. See
http://exim.org/static/doc/security/CVE-2018-6789.txt for the timeline.

This release contains some other important bug fixes since 4.90, but no
additional features. Please see the ChangeLog

The Distros should have built packages already.

The sources can be obtained directly from the Git repos

    git://git.exim.org/exim.git     tag: exim-4_90_1
    git://git.exim.org/exim.git     tag: exim-4_90_1

The tag is signed with my GPG key¹.

Alternativly you may fetch the tarballs from the mirrors listed

or directly from


The tarballs are signed with my GPG key¹. Next to the tarballs you will
find a sha512sum.txt, in case you are happy with simple integrity check

¹) If you get a "key expired" message, please refresh my key from
the public keyservers.

Thank you for using Exim.

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -