Vulnerabilities in Exim 4.87 to 4.91

Information security specialists recently published news about a security problem discovered in the Exim mail server, versions 4.87 to 4.91, which allows attackers to execute arbitrary code as root on a vulnerable system. The Exim developers fixed the vulnerability in version 4.92, which was released back in February 2019, without its presence being publicly known at the time.

Version 4.92 packages, as well as fixed packages for the earlier Exim versions used in distributions, are already available.

To install them, you need to perform a few simple steps, which depend on the OS you are using. They are listed below:

1) Find out the version of Exim installed on the server:

Debian / Ubuntu:
dpkg --list | grep exim

CentOS:
rpm -qa | grep exim

2) If Exim is not installed, or if the version of Exim is lower than 4.87, or is 4.92 or higher, then no action is required.

3) If the version of Exim installed is in the range 4.87-4.91, then an upgrade must be performed.

If you have CentOS 6, the update command is as follows:
yum --enablerepo=epel-testing update exim

If CentOS 7, then:
yum update exim

If Debian / Ubuntu:
apt-get update
apt-get install exim4
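
Steps 1 to 3 can be scripted as a single check. The following is an added example, not part of the original advisory: the function names and the sample version strings are constructed for illustration, and the package names exim4 and exim are taken from the commands above.

```shell
#!/bin/sh
# Added example, not part of the original advisory.

# Classify a package version string against the affected upstream range
# given on this page (4.87 through 4.91).
# Prints one word: affected | not-affected | unknown
exim_range_status() {
    # Drop an optional dpkg epoch ("1:") and keep upstream "major minor";
    # packaging suffixes such as "-2+deb9u3" or "-1.el7" are ignored.
    mm=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9]\{1,\}:\)\{0,1\}\([0-9]\{1,\}\)\.\([0-9]\{1,\}\).*/\2 \3/p')
    [ -n "$mm" ] || { echo unknown; return 0; }
    major=${mm% *}
    minor=${mm#* }
    if [ "$major" -eq 4 ] && [ "$minor" -ge 87 ] && [ "$minor" -le 91 ]; then
        echo affected
    else
        echo not-affected
    fi
}

# Print the installed package version, or nothing if Exim is not installed.
# Package names exim4 (dpkg) and exim (rpm) follow the commands on this page.
installed_exim_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Version}\n' exim4 2>/dev/null || true
    elif command -v rpm >/dev/null 2>&1; then
        if rpm -q exim >/dev/null 2>&1; then
            rpm -q --qf '%{VERSION}-%{RELEASE}\n' exim
        fi
    fi
}

# Constructed sample version strings, followed by the local package if any.
for v in '4.89-2+deb9u3' '4.91-1.el7' '4.92-8' '4.86.2-1' "$(installed_exim_version)"; do
    [ -n "$v" ] || continue
    printf '%-16s %s\n' "$v" "$(exim_range_status "$v")"
done
```

An "affected" result reflects only the upstream version number. Because distributions also ship fixed packages for earlier versions, run the update and then confirm the fix against the distribution's package changelog or advisory.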

Of course, you can always ask our administrators for help. They will check whether your server is vulnerable and, if necessary, perform an update.


10 June 2019
