CVE-2019-15846: Exim - local or remote attacker can execute programs with root privs

Already on files1, mirrors might take a couple of hours to sync.
 
@smtalk, Thank you very much! However, I wonder how you were able to get the new release so soon? It is not even available on git yet: https://github.com/Exim/exim/releases

Maybe you are entitled to access Exim's non-public security repository? If so, did you see this message?: https://lists.exim.org/lurker/message/20190906.054016.db2b9408.en.html

The branch got two new commits, fixing a small tool. This tool is not
designed to process untrusted data, so there is no security issue, but
it was buggy. It is unlikely to be critical.

You may consider including the fix in the packages to be
released at CRD (today, 10.00 UTC) or schedule it for a later
maintenance release of the Exim packages.

So my question is, does the version in Custombuild include those two new commits?

Edit: Just seconds after I wrote this, the new version was released on Git.
 
Can someone explain how exim is handled/managed by DirectAdmin?

My installation is using CustomBuild and I see that it is compiled from source. However, on the server I also notice that there is an older rpm package for exim.

Code:
[root@server ~]# rpm -qa | grep da_exim
da_exim-4.89.1-1.x86_64
[root@server ~]# exim --version | head -1
Exim version 4.92.2 #5 built 08-Sep-2019 19:56:50
2019-09-08 20:07:06 cwd=/root 2 args: exim --version

Am I safe to remove the older exim rpm package?
 