Exim upgrade - required and if so custombuild or yum?

paul-w

Verified User
Joined
Jan 25, 2006
Messages
50
Location
Berkshire, UK
My CentOS x64 6.6 system has Exim 4.76 installed.

I did think that it needs upgrading because of the recent security vulnerabilities CVE-2017-16943 and CVE-2017-16944 but after reading the details I note that these vulnerabilities only seem to apply to Exim 4.88 and 4.89.

I see version 4.76 has vulnerabilities from 2012 and 2014 but they only apply under specific circumstances which I am reasonably sure don't apply to my configuration.

So am I correct in thinking that perhaps I don't need to upgrade exim at all? My system will probably only be needed for another year and I'd rather leave it alone if I can possibly get away with it.

If I do need to upgrade, I am trying to decide how to go about it.

Normally, custombuild would be the way to go but I am using MailScanner rather than the normal DA configuration.

I installed exim 4.76 a long time ago - from source back in 2012 by the looks of it though I can't be completely sure.

I am uncertain now whether to use custombuild or yum and the Fedora project's EPEL x86_64 repository.

Either way, I'll obviously backup the current config before upgrading and apply the same custom settings afterwards.

Priority for me is not to break anything so looking for the most reliable upgrade method if, indeed, I need to upgrade at all.
 
Hello,

If you don't want to upgrade exim on your server, you don't need to ask us about it. My position is to always have the latest version of binaries.
 
Back
Top