Re: [exim] CVE-2019-15846 ..Exim Vulnerability

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Dmitriy Matrosov
Datum:  
To: exim-users
Betreff: Re: [exim] CVE-2019-15846 ..Exim Vulnerability


On September 12, 2019 1:46:35 PM GMT+03:00, Heiko Schlittermann via Exim-users <exim-users@???> wrote:
>Bhawna.Kapur--- via Exim-users <exim-users@???> (Do 12 Sep 2019
>12:25:55 CEST):
>> We have Debian 7 (Wheezy) in our environment.
>
>This is very outdated already.
>
>> Exim version 4.80 #3 built 14-Mar-2016 20:04:52
>> Is this version of exim is vulnerable ? What would you recommend?
>
>In the CVE we stated, that *all* versions are vulnerable, while there
>is
>some indication, that versions prior 4.80 *may* not be vulnerable. But
>I
>wouldn't rely on this.
>
>So, upgrade. If you've luck, Debian still provides security updates for
>your outdated Debian version. Read on their webpages.
>
>If you're out of luck, either upgrade your Debian system to a recent
>one, or prepare to compile Exim on your own. (This is not as hard as it
>seems, but you have to care about further updates manually).


Does the fix in acl discussed recently make such versions more or less secure?

>
>    Best regards from Dresden/Germany
>    Viele Grüße aus Dresden
>    Heiko Schlittermann
>--
>SCHLITTERMANN.de ---------------------------- internet & unix support -
>Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
>gnupg encrypted messages are welcome --------------- key ID: F69376CE -
>! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -