Re: [exim] The most used Exim version is the vulnerable one

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Mike Brudenell
Date:  
À: Exim Users
Sujet: Re: [exim] The most used Exim version is the vulnerable one
On Tue, 11 Jun 2019 at 17:24, Niels Dettenbach (Syndicat IT & Internet) via
Exim-users <exim-users@???> wrote:

> If i read right, the most major distributors (as exim maintainers too)
> backported any patch or solution at least to the most used earlier versions
> (still provided in their patches / sec updates - so the "90% of vulnerable"
> may be way to high att. But 90% sound "more impressive"...ß).
>
> just my .02$
>
> niels.
>


I can confirm that the patch was backported/applied to Ubuntu 18.04LTS.
Their updated package for that distribution is called "Exim
4.90.1-1ubuntu1.2". However the greeting string Exim returns to a client on
connection (which is where I think the stats will have been gathered from)
is unchanged from before the patch. So yes, I suspect that 90% is on the
high side, or more accurately should be described as servers needing/that
needed the patch.

Cheers,
Mike B-)

--
*My normal working days are Tuesdays, Wednesdays and Thursdays.*

Systems Administrator working in Teaching & Learning
IT Services, University of York, Heslington, York YO10 5DD, UK
Tel: +44-(0)1904-323811

Web: www.york.ac.uk/it-services
Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm