Critical Exim Security Vulnerability: disable chunking

John,

On the update I'm seeing the following (CentOS 7) error. Not sure if that affects anything.

Exim installation complete
Moving exim binary.
ls: cannot access /usr/sbin/exim-4.89.1-*: No such file or directory
Enabling exim in systemd...
Exim 4.89.1 Installed.
Restarting exim.
 
Problem is this:
cp exim /usr/sbin/exim-4.89_1-2
/bin/chown root /usr/sbin/exim-4.89_1-2
chmod a+x /usr/sbin/exim-4.89_1-2
chmod u+s /usr/sbin/exim-4.89_1-2


Exim installation complete
Moving exim binary.
ls: cannot access /usr/sbin/exim-4.89.1-*: No such file or directory
Enabling exim in systemd...
Exim 4.89.1 Installed.
Restarting exim.

It seems the directory changed from .1 to _1, but isn't altered in the ./build.
 
Must this be fixed somehow? Had the same error like everybody.
I don't have either a .1 or a _1 directory in /usr/sbin, only an exim file.
Looks like Exim is working fine though.
 
I have also upgraded and Exim seems to work correctly. I asked DirectAdmin support about it, and here is a copy of the answer:

I think it's fine, but you can double check:
/usr/sbin/exim -bV

to confirm the version update.
Probably just related to their use of:
4.89_1 instead of 4.89.1
which we had to mess with to get it going, but they're supposed to be releasing 4.90 shortly anyway.

If they take too long, we'll check/fix it, but my current installs have gone correctly.
 
If you have the security fix already in exim.conf 4.5 then it's best to stay on 4.89 because that's everything that is changed in 4.89.1 and this update is bugged :)
 
@Erulezz: I was indeed using exim.conf 4.5 which contained the fix.
However I always do an Exim update if one is available after a couple of days or immediately if it's a security fix.
I always do ./build update and then ./build update_versions, and since there was a curl update present, exim was updated too because I've got exim=yes in options.conf.

@ditto:
/usr/sbin/exim -bV
Exim version 4.89_1 #2 built 02-Dec-2017 23:33:44
is the output on all servers (only time difference) so it looks alright indeed.
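
An added example, not part of any post in this thread: a small script that reads the first line of `/usr/sbin/exim -bV`, treats `4.89_1` and `4.89.1` as the same release, and falls back to checking the config for an empty `chunking_advertise_hosts`. The option name is Exim's own and does not appear in the thread; the `/etc/exim.conf` path and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): decide from `exim -bV` output and an
# exim.conf whether a host has the update or only the config-level workaround.
MIN_VERSION=4.89.1   # update release named in the thread

# "Exim version 4.89_1 #2 built ..." -> "4.89_1" (empty if not a banner line)
exim_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^Exim version \([0-9][0-9._]*\).*/\1/p'
}

# "4.89_1" or "4.89.1" -> "4.89.1"; "4.89" -> "4.89.0"
normalize_version() {
    old_ifs=$IFS; IFS='._'
    set -- $1
    IFS=$old_ifs
    printf '%s.%s.%s\n' "${1:-0}" "${2:-0}" "${3:-0}"
}

# version_ge A B: succeed when A >= B, comparing the three fields numerically
version_ge() {
    a=$(normalize_version "$1"); b=$(normalize_version "$2")
    old_ifs=$IFS; IFS=.
    set -- $a $b
    IFS=$old_ifs
    if [ "$1" -ne "$4" ]; then [ "$1" -gt "$4" ]
    elif [ "$2" -ne "$5" ]; then [ "$2" -gt "$5" ]
    else [ "$3" -ge "$6" ]; fi
}

# Succeed when FILE sets chunking_advertise_hosts to an empty list, which
# stops Exim from advertising CHUNKING to any host.
chunking_disabled() {
    grep -Eq '^[[:space:]]*chunking_advertise_hosts[[:space:]]*=[[:space:]]*$' "$1" 2>/dev/null
}

# assess BANNER CONF -> updated | workaround-only | needs-attention | unknown
assess() {
    ver=$(exim_version_from_banner "$1")
    if [ -z "$ver" ]; then echo unknown
    elif version_ge "$ver" "$MIN_VERSION"; then echo updated
    elif chunking_disabled "$2"; then echo workaround-only
    else echo needs-attention; fi
}

# Demo: banner quoted in the thread, plus a constructed 4.89 banner and config.
# Real use (path assumed): assess "$(/usr/sbin/exim -bV | head -n 1)" /etc/exim.conf
demo_conf=$(mktemp)
printf 'chunking_advertise_hosts =\n' > "$demo_conf"
assess 'Exim version 4.89_1 #2 built 02-Dec-2017 23:33:44' "$demo_conf"
assess 'Exim version 4.89 #1 built 01-Jan-2017 00:00:00' "$demo_conf"
rm -f "$demo_conf"
```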
 
Trying to update Exim and get the following error. Does anyone know how to fix this?

Trying to make exim...
/bin/sh scripts/source_checks

>>> Creating links to source files...
>>> Creating lookups/Makefile for building dynamic modules
>>> New Makefile & lookups/Makefile installed
>>> Use "make makefile" if you need to force rebuilding of the makefile

make[1]: Entering directory `/usr/local/directadmin/custombuild/exim-4.89.1/build-Linux-x86_64'
/bin/sh ../scripts/Configure-os.c
gcc buildconfig.c
cc1: error: unrecognized command line option "-fstack-protector-strong"
make[1]: *** [buildconfig] Error 1
make[1]: Leaving directory `/usr/local/directadmin/custombuild/exim-4.89.1/build-Linux-x86_64'
make: *** [all] Error 2

*** The make has failed, would you like to try to make again? (y,n):
 
Just spent an hour debugging this issue; apparently the build file in custombuild contains an error. This error is already fixed, but not all file mirrors are up to date yet (files6 is not). To fix this:

cd /usr/local/directadmin/custombuild/
./build update
rm -f build
wget http://files.directadmin.com/services/custombuild/2.0/custombuild/build
chmod +x build

Now it will work. Do not run ./build update again as this will probably replace your build file back to version 2.0.0 (rev: 1783) that contains the problem. File 2.0.0 (rev: 1784) is the good one.
 
Thanks @Dutch TSE for this solution!

I changed my options.conf to use the correct download server and then was able to run update normally.

downloadserver=files.directadmin.com
 