Re: [exim] CVE-2019-15846 ..Exim Vulnerability

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Heiko Schlittermann
Data:  
Para: exim-users
Assunto: Re: [exim] CVE-2019-15846 ..Exim Vulnerability
Bhawna.Kapur--- via Exim-users <exim-users@???> (Do 12 Sep 2019 12:25:55 CEST):
> We have Debian 7 (Wheezy) in our environment.


This is very outdated already.

> Exim version 4.80 #3 built 14-Mar-2016 20:04:52
> Is this version of exim is vulnerable ? What would you recommend?


In the CVE we stated, that *all* versions are vulnerable, while there is
some indication, that versions prior 4.80 *may* not be vulnerable. But I
wouldn't rely on this.

So, upgrade. If you've luck, Debian still provides security updates for
your outdated Debian version. Read on their webpages.

If you're out of luck, either upgrade your Debian system to a recent
one, or prepare to compile Exim on your own. (This is not as hard as it
seems, but you have to care about further updates manually).

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
--
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -