EXIM CVE-2018-6789 Query
Regarding CVE-2018-6789 affecting Exim under 4.90.1 what is the plan?
Exim 4.90.1 is in CentOS 7 EPEL testing however I am unsure if a manual update is supported?
I'm on the cPanel "release" channel which as of this writing is version 68 with Exim version:
[~] rpm -q exim
exim-4.89.1-2.cp1162.x86_64
Details:
devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/
# rpm -q exim
exim-4.89.1-2.cp1162.x86_64
# rpm -q --changelog exim | grep CVE-2018-6789
- Fix CVE-2018-6789.
Looks like the patch was backported.
Much appreciated =)
Confirmed;
root@host [~]# whmapi1 installed_versions packages=1|grep exim
exim: 4.89.1-1 - exim-4.89.1-1.cp1162.x86_64
root@host [~]# rpm -q exim
exim-4.90.1-1.cp1170.x86_64
root@host [~]# rpm -q --changelog exim | grep CVE-2018-6789
- Fix CVE-2018-6789
(This was post upcp so assuming that cPanel/RH backports are working correctly)
Hi @bellwood,
The previous posts are correct. The patch was backported into Exim as part of updates to cPanel versions 62, 68, and 70.
# rpm -q --changelog exim | grep CVE-2018-6789
- Fix CVE-2018-6789
The case numbers to reference in the change logs are CPANEL-18510 and CPANEL-18511: Change Logs - Change Logs - cPanel Documentation
Thanks!
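The check used in this thread (upstream version plus `rpm -q --changelog`), as an added shell example that is not part of the original posts or of cPanel's tooling. The function names, status strings and sample changelog text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: a version number alone cannot show a backported fix,
# so combine the upstream version with the RPM changelog.

# version_ge A B: succeeds when version A >= version B (relies on sort -V).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# cve_status VERSION CHANGELOG CVE FIXED_VERSION
# Prints one of: fixed-by-version, fixed-by-backport, unconfirmed.
cve_status() (
    if version_ge "$1" "$4"; then
        echo "fixed-by-version"
    # -F: literal match, -w: whole word, so CVE-2018-67890 does not match.
    elif printf '%s\n' "$2" | grep -qFw -- "$3"; then
        echo "fixed-by-backport"
    else
        echo "unconfirmed"
    fi
)

# check_installed PKG CVE FIXED_VERSION: same decision for a live RPM system.
check_installed() (
    ver=$(rpm -q --qf '%{VERSION}\n' "$1") || exit 2
    cve_status "$ver" "$(rpm -q --changelog "$1")" "$2" "$3"
)

# Constructed sample: the changelog line quoted in the thread plus an
# unrelated, made-up entry.
SAMPLE_CHANGELOG='- Fix CVE-2018-6789.
- Rebuild (constructed entry)'

cve_status 4.89.1 "$SAMPLE_CHANGELOG" CVE-2018-6789 4.90.1
```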
(This was post upcp so assuming that cPanel/RH backports are working correctly)
Hi @JedCavins,
We actually publish our own RPM for Exim. cPanel servers don't use the default Exim RPM that comes with CentOS.
Thank you.