Critical Exim Security Vulnerability: disable chunking

kevinb

Verified User
Joined
Jul 27, 2006
Messages
94
John,

On the update I'm seeing the following (Centos 7) error. Not sure if that affects anything.

Exim installation complete
Moving exim binary.
ls: cannot access /usr/sbin/exim-4.89.1-*: No such file or directory
Enabling exim in systemd...
Exim 4.89.1 Installed.
Restarting exim.
 

Ankh

Verified User
Joined
Feb 20, 2006
Messages
18
Problem is this:
cp exim /usr/sbin/exim-4.89_1-2
/bin/chown root /usr/sbin/exim-4.89_1-2
chmod a+x /usr/sbin/exim-4.89_1-2
chmod u+s /usr/sbin/exim-4.89_1-2


Exim installation complete
Moving exim binary.
ls: cannot access /usr/sbin/exim-4.89.1-*: No such file or directory
Enabling exim in systemd...
Exim 4.89.1 Installed.
Restarting exim.

It seems the directory changed from .1 to _1, but isn't altered in the ./build.
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
4,221
Location
Maastricht
Must this be fixed some how? Had the same error like everybody.
I don't have either a .1 nore _1 directory in /usr/sbin only a exim file.
Looks like Exim is working fine though.
 

ditto

Verified User
Joined
Apr 27, 2009
Messages
2,464
I have also upgraded and Exim seems to work correctly. I asked DirectAdmin support about it, and here is a copy of the answer:

I think it's fine, but you can double check:
/usr/sbin/exim -bV

to confirm the version update.
Probably just related to their use of:
4.89_1 instead of 4.89.1
which we had to mess with to get it going, but they're supposed to be releasing 4.90 shortly anyway.

If they take too long, we'll check/fix it, but my current installs have gone correctly
 

Erulezz

Verified User
Joined
Sep 14, 2015
Messages
435
Location
Arnhem, NL
If you have the security fix already in exim.conf 4.5 then it's best to stay on 4.89 because that's everything that is changed in 4.89.1 and this update is bugged :)
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
4,221
Location
Maastricht
@Erulezz: I was indeed using exim.conf 4.5 which contained the fix.
However I always do an Exim update if one is available after a couple of days or immediately if it's a security fix.
I always do ./build update and then ./build update_versions and since there was a curl update present, exim was updated to because I've got exim=yes in options.conf.

@ditto:
/usr/sbin/exim -bV
Exim version 4.89_1 #2 built 02-Dec-2017 23:33:44
is the output on all servers (only time difference) so it looks alright indeed.
 

bluebirdnet

Verified User
Joined
Feb 3, 2010
Messages
123
Location
Canada
trying to update Exim and get the following error. Does any one know how to fix this?

Trying to make exim...
/bin/sh scripts/source_checks

>>> Creating links to source files...
>>> Creating lookups/Makefile for building dynamic modules
>>> New Makefile & lookups/Makefile installed
>>> Use "make makefile" if you need to force rebuilding of the makefile

make[1]: Entering directory `/usr/local/directadmin/custombuild/exim-4.89.1/build-Linux-x86_64'
/bin/sh ../scripts/Configure-os.c
gcc buildconfig.c
cc1: error: unrecognized command line option "-fstack-protector-strong"
make[1]: *** [buildconfig] Error 1
make[1]: Leaving directory `/usr/local/directadmin/custombuild/exim-4.89.1/build-Linux-x86_64'
make: *** [all] Error 2

*** The make has failed, would you like to try to make again? (y,n):
 

myH2Oservers

Verified User
Joined
Mar 13, 2006
Messages
235
Location
Netherlands
trying to update Exim and get the following error. Does any one know how to fix this?
Just spent an hour debugging this issue, apparantly the build file in custombuild contains an error. This error is already fixed but not all file mirrors are up2date yet (files6 is not). To fix this:

cd /usr/local/directadmin/custombuild/
./build update
rm -f build
wget http://files.directadmin.com/services/custombuild/2.0/custombuild/build
chmod +x build

Now it will work. Do not run ./build update again as this will probably replace your build file back to version 2.0.0 (rev: 1783) that contains the problem. File 2.0.0 (rev: 1784) is the good one.
 

bluebirdnet

Verified User
Joined
Feb 3, 2010
Messages
123
Location
Canada
Just spent an hour debugging this issue, apparantly the build file in custombuild contains an error. This error is already fixed but not all file mirrors are up2date yet (files6 is not). To fix this:

cd /usr/local/directadmin/custombuild/
./build update
rm -f build
wget http://files.directadmin.com/services/custombuild/2.0/custombuild/build
chmod +x build

Now it will work. Do not run ./build update again as this will probably replace your build file back to version 2.0.0 (rev: 1783) that contains the problem. File 2.0.0 (rev: 1784) is the good one.
Thanks @Dutch TSE for this solution!

I changed my options.conf to use the correct download server and then was able to run update normally.

downloadserver=files.directadmin.com
 
Top