CVE-2019-15846 fix for CentOS?

peteroverethernet
Posts: 4
Joined: 2019/09/03 12:17:16

CVE-2019-15846 fix for CentOS?

Post by peteroverethernet » 2019/09/07 12:02:55

Hi folks,

Another critical security issue also hits CentOS systems, as reported on: https://www.exim.org/static/doc/securit ... -15846.txt

The issue is already known by Red Hat https://access.redhat.com/security/cve/cve-2019-15846 but as we all still wait for the dovecot fix, which has also not been patched by Red Hat yet, I would like to ask if someone knows alternative repos to the official ones to update Exim to 4.92.2 as soon as possible?

Trevor already mentioned that the CentOS team can not provide update packages before the Red Hat packages are released, so this will consume some time and no one knows if there is an exploit already available.

Regards

Peter

TrevorH
Forum Moderator
Posts: 27181
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2019-15846 fix for CentOS?

Post by TrevorH » 2019/09/07 13:02:27

This one is different since we do not supply exim at all. It is in the third party yum repo: EPEL. You can look in the Fedora EPEL section of bugzilla.redhat.com for bug reports about this (I expect there to be a bz for this already) and if there isn't one there, raise one.
CentOS 6 will die in November 2020 - migrate sooner rather than later!
CentOS 5 has been EOL for nearly 3 years and should no longer be used for anything!
Full time Geek, part time moderator. Use the FAQ Luke

avij
Retired Moderator
Posts: 3039
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland

Re: CVE-2019-15846 fix for CentOS?

Post by avij » 2019/09/07 13:03:39

Yes, it's in EPEL. See the relevant update. If yum update does not give you an updated exim, try with yum update --enablerepo=epel-testing. The same instructions apply for CentOS 6.


Re: CVE-2019-15846 fix for CentOS?

Post by TrevorH » 2019/09/07 13:05:44

It's not in epel-testing yet (as of about 2 minutes ago at 13:02 GMT)


Re: CVE-2019-15846 fix for CentOS?

Post by avij » 2019/09/07 13:09:24

Right, looks like it's still on its way to mirrors, so it may take a while.


Re: CVE-2019-15846 fix for CentOS?

Post by peteroverethernet » 2019/09/07 15:30:59

Thank you guys. I've tried it through epel-testing but nothing appeared, so this is why I was confused. You are right, it's already on status pending according to https://bodhi.fedoraproject.org/updates ... fb4fca003a


Re: CVE-2019-15846 fix for CentOS?

Post by TrevorH » 2019/09/09 00:29:59

Looks like it's gone straight to EPEL itself

exim.x86_64                                            4.92.2-1.el7                                             epel

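Added example, not part of the thread or written by any of its posters: a small check that reads `yum list exim` style output, such as the line quoted in the last post, and reports whether the exim package is at least the 4.92.2 the original poster asks for. The function names and every sample line other than the quoted one are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from `yum list exim` output whether the offered or
# installed exim is at least the 4.92.2 named in the thread.
# Caveat: compares the upstream version only, so a fix backported into an
# older version string would be reported as "vulnerable".

FIXED_VERSION="4.92.2"   # target version taken from the thread

# version_ge A B: true when A >= B in version order (needs GNU sort -V).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# exim_status: read yum listing lines on stdin and print one of
# patched | vulnerable | not-found for the main exim package.
exim_status() {
    # Match "exim.<arch>" only, not subpackages such as exim-mysql.
    es_evr=$(awk '$1 ~ /^exim\.[^.]+$/ { print $2; exit }')
    if [ -z "$es_evr" ]; then
        echo "not-found"
        return 2
    fi
    es_ver=${es_evr#*:}      # drop an epoch such as "1:" if present
    es_ver=${es_ver%%-*}     # drop the release, e.g. "-1.el7"
    if version_ge "$es_ver" "$FIXED_VERSION"; then
        echo "patched"
    else
        echo "vulnerable"
        return 1
    fi
}

# Constructed sample listings (the first is the line quoted in the thread).
for line in \
    "exim.x86_64 4.92.2-1.el7 epel" \
    "exim.x86_64 4.92-1.el7 @epel" \
    "exim-mysql.x86_64 4.92.2-1.el7 epel"
do
    printf '%-40s -> %s\n' "$line" "$(printf '%s\n' "$line" | exim_status)"
done

# On a live host (not run here): yum -q list exim | exim_status
```

The non-zero exit status for "vulnerable" and "not-found" lets the function be used directly in a cron job or configuration-management check across several mail hosts.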