Hi folks,
Another critical security issue also hits CentOS systems, as reported at: https://www.exim.org/static/doc/securit ... -15846.txt
The issue is already known to Red Hat (https://access.redhat.com/security/cve/cve-2019-15846), but as we are all still waiting for the dovecot fix, which has also not been patched by Red Hat yet, I would like to ask if someone knows of alternative repos to the official ones to update Exim to 4.92.2 as soon as possible?
Trevor already mentioned that the CentOS team cannot provide update packages before the Red Hat packages are released, so this will consume some time and no one knows if there is an exploit already available.
Regards
Peter
CVE-2019-15846 fix for CentOS?
Re: CVE-2019-15846 fix for CentOS?
This one is different since we do not supply exim at all. It is in the third party yum repo: EPEL. You can look in the Fedora EPEL section of bugzilla.redhat.com for bug reports about this (I expect there to be a bz for this already) and if there isn't one there, raise one.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: CVE-2019-15846 fix for CentOS?
Yes, it's in EPEL. See the relevant update. If yum update does not give you an updated exim, try with yum update --enablerepo=epel-testing. The same instructions apply for CentOS 6.
Re: CVE-2019-15846 fix for CentOS?
It's not in epel-testing yet (as of about 2 minutes ago at 13:02 GMT)
Re: CVE-2019-15846 fix for CentOS?
Right, looks like it's still on its way to mirrors, so it may take a while.
Re: CVE-2019-15846 fix for CentOS?
Thank you guys. I've tried it through epel-testing but nothing appeared, so this is why I was confused. You are right, it's already on status pending according to https://bodhi.fedoraproject.org/updates ... fb4fca003a
Re: CVE-2019-15846 fix for CentOS?
Looks like it's gone straight to EPEL itself
exim.x86_64 4.92.2-1.el7 epel
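Added example, not part of the original posts: a small POSIX shell check that reads rows in the `yum list exim` format quoted above and reports whether the upstream version is at least 4.92.2, the release this thread says to update to. The function names and sample rows are constructed, and it assumes plain dotted numeric upstream versions.

```sh
#!/bin/sh
# Added example: classify exim package rows against the fixed release from the thread.
FIXED_VERSION="4.92.2"   # version the thread says to update to

# version_lt A B: succeed if dotted numeric version A is lower than B.
# Missing fields count as 0, so 4.92 compares lower than 4.92.2.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1   # versions are equal
}

# exim_status ROW: print "patched", "vulnerable" or "unknown".
# ROW has the form "<name>.<arch> <version>-<release> <repo>".
exim_status() {
    set -f; set -- $1; set +f          # split the row on whitespace, no globbing
    name=$1 ver_rel=$2
    case $name in exim.*) ;; *) echo unknown; return 0 ;; esac
    [ -n "$ver_rel" ] || { echo unknown; return 0; }
    upstream=${ver_rel#*:}             # drop an epoch prefix such as "1:" if present
    upstream=${upstream%%-*}           # drop the "-<release>" suffix
    case $upstream in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;   # not a dotted number
    esac
    if version_lt "$upstream" "$FIXED_VERSION"; then
        echo vulnerable
    else
        echo patched
    fi
}

# Constructed sample rows; the second matches the row quoted in the thread.
while IFS= read -r row; do
    printf '%-34s %s\n' "$row" "$(exim_status "$row")"
done <<'EOF'
exim.x86_64 4.92.1-1.el7 epel
exim.x86_64 4.92.2-1.el7 epel
exim.x86_64 4.92-1.el7 @epel
EOF
```

A plain version comparison like this only holds for a repo that ships the upstream release, as the EPEL row in this thread does; a package that carries a backported fix under an older version number would be misreported.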