CVE-2019-15846 fix for CentOS?

peteroverethernet
Posts: 4
Joined: 2019/09/03 12:17:16

CVE-2019-15846 fix for CentOS?

Post by peteroverethernet » 2019/09/07 12:02:55

Hi folks,

Another critical security issue also hits CentOS systems, as reported at: https://www.exim.org/static/doc/securit ... -15846.txt

The issue is already known to Red Hat (https://access.redhat.com/security/cve/cve-2019-15846), but as we are all still waiting for the dovecot fix, which has also not been patched by Red Hat yet, I would like to ask if someone knows of repos other than the official ones to update Exim to 4.92.2 as soon as possible?

Trevor already mentioned that the CentOS team cannot provide update packages before the Red Hat packages are released, so this will consume some time and no one knows if there is an exploit already available.

Regards

Peter

TrevorH
Site Admin
Posts: 33218
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2019-15846 fix for CentOS?

Post by TrevorH » 2019/09/07 13:02:27

This one is different since we do not supply exim at all. It is in the third party yum repo: EPEL. You can look in the Fedora EPEL section of bugzilla.redhat.com for bug reports about this (I expect there to be a bz for this already) and if there isn't one there, raise one.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland

Re: CVE-2019-15846 fix for CentOS?

Post by avij » 2019/09/07 13:03:39

Yes, it's in EPEL. See the relevant update. If yum update does not give you an updated exim, try with yum update --enablerepo=epel-testing. The same instructions apply for CentOS 6.


Re: CVE-2019-15846 fix for CentOS?

Post by TrevorH » 2019/09/07 13:05:44

It's not in epel-testing yet (as of about 2 minutes ago at 13:02 GMT)


Re: CVE-2019-15846 fix for CentOS?

Post by avij » 2019/09/07 13:09:24

Right, looks like it's still on its way to mirrors, so it may take a while.


Re: CVE-2019-15846 fix for CentOS?

Post by peteroverethernet » 2019/09/07 15:30:59

Thank you guys. I've tried it through epel-testing but nothing appeared, so this is why I was confused. You are right, it's already on status pending according to https://bodhi.fedoraproject.org/updates ... fb4fca003a


Re: CVE-2019-15846 fix for CentOS?

Post by TrevorH » 2019/09/09 00:29:59

Looks like it's gone straight to EPEL itself

exim.x86_64                                            4.92.2-1.el7                                             epel
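As an added example (not written by any poster in this thread): a shell check that parses a `yum list`-style line like the one TrevorH posted and reports whether the exim version is at or above 4.92.2, the release named in the first post. The function names are hypothetical, the second sample line is constructed, and the check assumes the fix ships as a version rebase (as in EPEL here) rather than as a backport under an older version number.

```shell
#!/bin/sh
# Added example: classify an exim package line from yum output against the
# release that fixes CVE-2019-15846 (4.92.2, per the thread).
# Assumption: the packager rebased to the fixed upstream version; a
# backported fix under an older version number would not be detected.

FIXED_VERSION="4.92.2"

# Extract the upstream version from a `yum list`-style line:
#   name.arch   [epoch:]version-release   repo
yum_line_version() {
    printf '%s\n' "$1" | awk '$1 ~ /^exim\./ {
        v = $2
        sub(/^[0-9]+:/, "", v)   # drop the epoch, if present
        sub(/-.*$/, "", v)       # drop the RPM release (e.g. -1.el7)
        print v
    }'
}

# Return 0 if version $1 >= FIXED_VERSION, using GNU `sort -V` ordering.
exim_is_fixed() {
    [ -n "$1" ] || return 2
    lowest=$(printf '%s\n%s\n' "$FIXED_VERSION" "$1" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_VERSION" ]
}

# Classify one yum output line: prints "fixed", "needs-update" or "unknown".
check_yum_line() {
    ver=$(yum_line_version "$1")
    if [ -z "$ver" ]; then echo unknown
    elif exim_is_fixed "$ver"; then echo fixed
    else echo needs-update
    fi
}

# Sample lines: the first version string is the one shown in the thread,
# the second line is constructed for illustration.
check_yum_line "exim.x86_64    4.92.2-1.el7    epel"
check_yum_line "exim.x86_64    4.92-1.el7      @epel"

# On a live host the installed version can be fed in directly:
#   exim_is_fixed "$(rpm -q --qf '%{VERSION}' exim)" && echo fixed
```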