Hello Niels,
12.06.2019 0:58, Niels Dettenbach writes:
> Am Dienstag, 11. Juni 2019, 18:57:41 CEST schrieb Konstantin Boyandin via
> Exim-users:
>> If I am not mistaken, CentOS 6.10 EPEL didn't apply any patches,
>> original Exim 4.91 is still their last version.
>
> The "initial official" date for patch releases was "officially set" by Exim
> project / security list onto the 11.06.2019 (today) - so possibly some "less
> aware" (LTS) distributors will use that date ("in respect for the project")
> for their release...
That would mean that those sysadmins relying on the distro maintainers'
response might have been surprised in a very unpleasant way.
> The distros i.e. I work with mainly (i.e. Gentoo, different BSDs etc.) are
> "on" 4.92 "since published". Debian seems to have announced/released patches too:
> https://security-tracker.debian.org/tracker/CVE-2019-10149
Kali and Ubuntu, AFAIK, too. Currently I mostly use the latter two.
> RedHat (Enterprise) seems "not affected":
> https://access.redhat.com/security/cve/cve-2019-10149
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10149
>
>> So either build manually, or switch to another MTA, or hope that
>> "allowed chars" trick will be good enough protection.
> or switch to a "proper distro"...ß)
Dreams, those dreams...
I maintain several CentOS 6-based servers. They will finally be replaced
by CentOS 7-based ones, but it's out of my control to upgrade the
distributions ASAP. Hence, I have to do manual upgrades and monitor
security advisories.
I wonder how many CentOS installations will be hit.
Sincerely,
Konstantin