|
Message-ID: <20180210181121.y757bod5yjdefrj4@jumper.schlittermann.de>
Date: Sat, 10 Feb 2018 19:11:21 +0100
From: Heiko Schlittermann <hs@...marc.schlittermann.de>
To: oss-security@...ts.openwall.com
Subject: Exim 4.90.1 released. (Was: CVE-2018-6789 Exim 4.90 and earlier:
buffer overflow)
We released Exim 4.90.1 just now.
---------------------------------
This is mainly a security release to fix CVE-2018-6789, a buffer
overflow in base64d(). Please update your systems to 4.90.1. The
reporter of the bug claims to have a working exploit. See
http://exim.org/static/doc/security/CVE-2018-6789.txt for the timeline.
This release contains some other important bug fixes since 4.90, but no
additional features. Please see the ChangeLog
ftp://ftp.exim.org/pub/exim/exim4/ChangeLog
The Distros should have built packages already.
The sources can be obtained directly from the Git repos
git://git.exim.org/exim.git tag: exim-4_90_1
git://git.exim.org/exim.git tag: exim-4_90_1
The tag is signed with my GPG key¹.
Alternativly you may fetch the tarballs from the mirrors listed
on
https://www.exim.org/mirmon/ftp_mirrors.html
or directly from
ftp://ftp.exim.org/pub/exim/exim4/
https://ftp.exim.org/pub/exim/exim4/
The tarballs are signed with my GPG key¹. Next to the tarballs you will
find a sha512sum.txt, in case you are happy with simple integrity check
only.
¹) If you get a "key expired" message, please refresh my key from
the public keyservers.
Thank you for using Exim.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.