Re: [exim] The most used Exim version is the vulnerable one

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Niels Dettenbach
Datum:  
To: exim-users, lists
Betreff: Re: [exim] The most used Exim version is the vulnerable one
Am Dienstag, 11. Juni 2019, 18:57:41 CEST schrieb Konstantin Boyandin via
Exim-users:
> If I am not mistaken, CentOS 6.10 EPEL didn't apply any patches,
> original Exim 4.91 is still their last version.


The "initial official" date for patch releases was "officially set" by Exim
project / security list onto the 11.06.2019 (today) - so possibly some "less
aware" (LTS) distributors will use that date ("in respect for the project")
for their release...

The distros i.e. i work with mainly (i.e. Gentoo, different BSDs etc.) are
"on" 4.92 "since published". Debian seems announced/released patches too:
https://security-tracker.debian.org/tracker/CVE-2019-10149

RedHat (Enterprise) seems "not affected":
https://access.redhat.com/security/cve/cve-2019-10149
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10149

> So either build manually, or switch to another MTA, or hope that
> "allowed chars" trick will be good enough protection.

or switch to a "proper distro"...ß)


--
---
Niels Dettenbach
Syndicat IT & Internet
http://www.syndicat.com
PGP: https://syndicat.com/pub_key.asc
---