New Critical Exim Flaw Exposes Email Servers to Remote Attacks

Comments

7 comments

  • Infopro
    There is another thread here you might find useful:
  • ItsMattSon
    Thanks Infopro. As suggested, I ran "whmapi1 installed_versions packages=1|grep exim" and it shows as 4.92-4, but I cannot tell if I am running 4.92.3 from that unfortunately. Would you happen to know what to do from here? Or if that version is correct, how to know it's the version I'm looking for for next time?
  • Infopro
    > and it shows as 4.92-4, but I cannot tell if I am running 4.92.3 from that unfortunately.

    If it shows 4.92-4 as the installed version you're running, that's the version you're running.
  • ItsMattSon
    Right, but it does not help me determine if Exim is 4.92.1, 4.92.2 or 4.92.3 (latest version). The minor revision number is important here because 4.92.2 is affected by this flaw whereas 4.92.3 is not. That's why I was hoping you could tell me how to check the minor revision I'm running, if perhaps possible. Thanks in advance.
  • Infopro
    The docs may be of some use to you:
  • ItsMattSon
    Thanks @Infopro - That has opened my eyes. I appreciate the point in the right direction.

        [hostname@srv ~]$ rpm -q --changelog exim
        * Fri Sep 27 2019 Nicholas Jackson <- Removed -> - 4.92-4.cp1180
        - Fix buffer overflow in string_vformat. CVE-2019-16928
  • Infopro
    Happy to help.
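
Added example (not part of the thread and not cPanel's own tooling): the changelog check the thread ends on, as a shell function that reads `rpm -q --changelog` output and reports which package release mentions a given CVE, which matters when a fix is backported and the upstream version number alone does not show it. The function names and the second sample entry are constructed for illustration.

```shell
#!/usr/bin/env bash
# Report which package release(s) mention a CVE in RPM changelog text.
# Input: changelog text on stdin, as printed by `rpm -q --changelog <pkg>`.
# Output: "<version-release><TAB><entry header>" per matching entry.
# Exit status: 0 if the CVE is mentioned, 1 if it is not.
cve_fixed_in() {
    local cve="$1"
    awk -v cve="$cve" '
        # Entry header: "* <date> <packager> - <version-release>".
        # Assumption: the last field is the version-release, as in the
        # entry quoted in the thread; some packagers omit it.
        /^\* / { header = $0; release = $NF; next }
        # A changelog line naming the CVE belongs to the latest header.
        index($0, cve) && header != "" {
            print release "\t" header
            found = 1
            header = ""     # report each entry only once
        }
        END { exit(found ? 0 : 1) }
    '
}

# Sample input: the first entry is the one quoted in the thread;
# the second entry is constructed to show a non-matching release.
sample_changelog() {
    cat <<'EOF'
* Fri Sep 27 2019 Nicholas Jackson <- Removed -> - 4.92-4.cp1180
- Fix buffer overflow in string_vformat. CVE-2019-16928

* Mon Jan 01 2018 Example Packager <redacted> - 0.0-0.example
- Constructed older entry with no CVE reference
EOF
}

# Live use on an RPM-based host:
#   rpm -q --changelog exim | cve_fixed_in CVE-2019-16928
# Offline demonstration with the sample above:
#   sample_changelog | cve_fixed_in CVE-2019-16928
```

An exit status of 1 only means the changelog does not name the CVE; it does not by itself prove the package is unpatched or vulnerable.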
