oss-sec mailing list archives
Exim 4.90.1 released. (Was: CVE-2018-6789 Exim 4.90 and earlier: buffer overflow)
From: Heiko Schlittermann <hs () nodmarc schlittermann de>
Date: Sat, 10 Feb 2018 19:11:21 +0100
We released Exim 4.90.1 just now. --------------------------------- This is mainly a security release to fix CVE-2018-6789, a buffer overflow in base64d(). Please update your systems to 4.90.1. The reporter of the bug claims to have a working exploit. See http://exim.org/static/doc/security/CVE-2018-6789.txt for the timeline. This release contains some other important bug fixes since 4.90, but no additional features. Please see the ChangeLog ftp://ftp.exim.org/pub/exim/exim4/ChangeLog The Distros should have built packages already. The sources can be obtained directly from the Git repos git://git.exim.org/exim.git tag: exim-4_90_1 git://git.exim.org/exim.git tag: exim-4_90_1 The tag is signed with my GPG key¹. Alternativly you may fetch the tarballs from the mirrors listed on https://www.exim.org/mirmon/ftp_mirrors.html or directly from ftp://ftp.exim.org/pub/exim/exim4/ https://ftp.exim.org/pub/exim/exim4/ The tarballs are signed with my GPG key¹. Next to the tarballs you will find a sha512sum.txt, in case you are happy with simple integrity check only. ¹) If you get a "key expired" message, please refresh my key from the public keyservers. Thank you for using Exim. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---------------------------- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --------------- key ID: F69376CE - ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
Attachment:
signature.asc
Description:
Current thread:
- CVE-2018-6789 Exim 4.90 and earlier: buffer overflow Heiko Schlittermann (Feb 07)
- Re: CVE-2018-6789 Exim 4.90 and earlier: buffer overflow Heiko Schlittermann (Feb 08)
- Re: CVE-2018-6789 Exim 4.90 and earlier: buffer overflow Heiko Schlittermann (Feb 08)
- Re: CVE-2018-6789 Exim 4.90 and earlier: buffer overflow Ian Zimmerman (Feb 08)
- Re: Re: CVE-2018-6789 Exim 4.90 and earlier: buffer overflow Heiko Schlittermann (Feb 08)
- Re: CVE-2018-6789 Exim 4.90 and earlier: buffer overflow Heiko Schlittermann (Feb 10)
- Exim 4.90.1 released. (Was: CVE-2018-6789 Exim 4.90 and earlier: buffer overflow) Heiko Schlittermann (Feb 10)
- Re: CVE-2018-6789 Exim 4.90 and earlier: buffer overflow Heiko Schlittermann (Feb 08)