Recently, information security specialists disclosed a security problem in the Exim mail server, versions 4.87 through 4.91, which allows attackers to execute arbitrary code as root on a vulnerable system. The Exim developers fixed the vulnerability in version 4.92, which was released back in February 2019, before its existence was publicly known.
Version 4.92 packages, as well as fixed packages for the earlier Exim versions shipped by distributions, are already available.
To install them, perform a few simple steps, which depend on the OS you are using. They are listed below:
1) Find out the version of Exim installed on the server:
Debian / Ubuntu:
dpkg --list | grep exim
CentOS:
rpm -qa | grep exim
2) If Exim is not installed, or if the version of Exim is older than 4.87 or is 4.92 or newer, then no action is required.
3) If the version of Exim installed is in the range 4.87-4.91, then an upgrade must be performed.
If you have CentOS 6, the update command is as follows:
yum --enablerepo=epel-testing update exim
If CentOS 7, then:
yum update exim
If Debian / Ubuntu:
apt-get install exim4
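The version check from steps 1 to 3 can be scripted. The following is an added example, not part of the original article; the function names are hypothetical, the package names exim4-base and exim are assumptions, and the sample version strings are constructed. Because distributions also ship fixed packages that keep an older version number, a result of "in-affected-range" means the update should be run, not that the host is proven vulnerable.

```shell
#!/bin/sh
# Added example: classify an Exim package version against the affected
# range stated in this article (4.87 through 4.91 inclusive).

# Print the installed Exim package version, or nothing if none is found.
# Package names exim4-base (Debian/Ubuntu) and exim (CentOS) are assumptions.
installed_exim_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Version}\n' exim4-base 2>/dev/null || true
    elif command -v rpm >/dev/null 2>&1; then
        # rpm reports "not installed" on stdout, so only echo on success.
        out=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' exim 2>/dev/null) && echo "$out"
    fi
    return 0
}

# exim_range_check VERSION
# Prints in-affected-range, outside-affected-range or unparseable.
exim_range_check() {
    v=${1#*:}    # drop a Debian epoch such as "1:"
    # Keep only upstream major.minor; patch level and package revision
    # (".1", "_1", "-2", ".el7") do not change the range decision.
    mm=$(printf '%s\n' "$v" |
        sed -n 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$mm" ] || { echo unparseable; return 0; }
    major=${mm% *} minor=${mm#* }
    if [ "$major" -eq 4 ] && [ "$minor" -ge 87 ] && [ "$minor" -le 91 ]; then
        # Fixed distribution packages can still carry a number in this
        # range, so treat this as "run the update", not as proof.
        echo in-affected-range
    else
        echo outside-affected-range
    fi
}

# Constructed sample version strings, then this host's package if present.
for s in 4.86.2-1 4.89-2 1:4.90.1-1 4.91-1.el7 4.92-8 \
         "$(installed_exim_version)"; do
    [ -z "$s" ] || printf '%-14s %s\n' "$s" "$(exim_range_check "$s")"
done
```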
Of course, you can always ask our administrators for help. They will check whether your server is vulnerable and, if necessary, perform the update.