Anonymous | Login | 2024-04-26 06:07 CEST |
Main | My View | View Issues |
Viewing Issue Simple Details [ Jump to Notes ] | [ View Advanced ] [ Issue History ] [ Print ] | ||||||
ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||
0004631 | [exim] upgrade | major | have not tried | 2010-12-13 12:31 | 2010-12-21 01:53 | ||
Reporter | dm26 | View Status | public | ||||
Assigned To | bwalton | ||||||
Priority | normal | Resolution | fixed | ||||
Status | closed | ||||||
Summary | 0004631: Upgrade exim to 4.72 | ||||||
Description |
Please upgrade exim to the latest version. The current OpenCSW version (4.68) has a remote root vulnerability. The exploit is detailed here: http://isc.sans.edu/diary.html?storyid=10057 [^] |
||||||
Additional Information | |||||||
Tags | No tags attached. | ||||||
Attached Files | |||||||
|
Notes | |
(0008559) bwalton (administrator) 2010-12-14 03:20 |
Working on it. -Ben |
(0008572) bwalton (administrator) 2010-12-16 00:01 |
Packages available in experimental. I haven't tested these myself yet, so treat with care. I won't have a chance to do so until alter tonight. pkgutil -t http://buildfarm.opencsw.org/opencsw/experimental/exim [^] -i CSWexim Thanks -Ben |
(0008576) bwalton (administrator) 2010-12-16 22:19 |
The updates have serious issues. I'm working to resolve them. More on this later tonight... |
(0008596) bwalton (administrator) 2010-12-18 20:53 |
Ok, the update in experimental seem reasonable to me. Please test and let me know your experience. http://buildfarm.opencsw.org/experimental.html#exim [^] Sorry this has taken so long. :( Thanks -Ben |
(0008607) dm26 (reporter) 2010-12-20 15:54 |
Ben, I've tested the new build on a couple of servers and it looks ok so far. Thanks for your help. Darren Miller |
(0008608) bwalton (administrator) 2010-12-20 16:08 |
Hi Darren, Are you by any chance using either of the mysql or postgresql lookup facilities? My own exim use is as a smarthost relay, so I'm not personally using any of these advanced lookup types. Thanks -Ben |
(0008613) dm26 (reporter) 2010-12-20 21:37 |
Ben, no, I'm only using a basic configuration. Darren |
(0008620) bwalton (administrator) 2010-12-21 01:53 |
Updated packages pushed to release. -Ben |
Copyright © 2000 - 2008 Mantis Group |