Vulnerability of the Exim mail server

Earlier, we wrote about a critical vulnerability in the Exim mail server that allows code execution on the server with root privileges (CVE-2019-10149).

Another update has been released for the fourth critical vulnerability in a year (CVE-2019-10149), which affects only the Exim 4.92 branch (4.92.0, 4.92.1 and 4.92.2) and does not overlap with the vulnerability fixed at the beginning of the month (CVE-2019-15846). The new vulnerability allows remote code execution on the server by passing a specially crafted string in the EHLO command.

To protect yourself from the identified vulnerability, we recommend installing the update.

You can also apply this patch.

Alternatively, use the packages with the fix that distributions provide:

Ubuntu (only the 19.04 branch)

Linux

FreeBSD

Debian (only Debian 10 Buster)

Fedora

RHEL, CentOS and SUSE/openSUSE are not affected by the problem.
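
As an added example (not part of the original article or of the Exim project's code), the shell script below reads the version banner printed by `exim -bV` and compares it with the affected releases named above (4.92.0, 4.92.1 and 4.92.2). The function names and sample banners are constructed for illustration, and treating a bare `4.92` as 4.92.0 is an assumption.

```shell
#!/bin/sh
# Added example: classify an Exim version banner against the affected
# releases named in the article (4.92.0, 4.92.1, 4.92.2).
# Caveat: distribution packages may carry a backported fix without changing
# the upstream version string, so "affected" here means "verify the package
# against the distribution's advisory", not "confirmed vulnerable".

# Extract the version from the first line of `exim -bV` output,
# e.g. "Exim version 4.92.2 #3 built ..." -> "4.92.2".
exim_version_from_banner() {
    printf '%s\n' "$1" | sed -n '1s/^Exim version \([0-9][0-9.]*\).*/\1/p'
}

# Return 0 if the version is one of the affected 4.92 releases.
# Assumption: a bare "4.92" is the same release as 4.92.0.
is_affected_version() {
    case "$1" in
        4.92|4.92.0|4.92.1|4.92.2) return 0 ;;
        *) return 1 ;;
    esac
}

# Print "affected:<ver>", "not-listed:<ver>" or "unknown" for a banner.
classify_banner() {
    v=$(exim_version_from_banner "$1")
    if [ -z "$v" ]; then
        echo "unknown"
    elif is_affected_version "$v"; then
        echo "affected:$v"
    else
        echo "not-listed:$v"
    fi
}

# Constructed sample banners (not captured from real hosts).
for banner in \
    "Exim version 4.92.2 #3 built 28-Sep-2019 10:00:00" \
    "Exim version 4.92 #2 built 01-Mar-2019 09:00:00" \
    "Exim version 4.91 #1 built 15-Apr-2018 12:00:00"
do
    printf '%s -> %s\n' "$banner" "$(classify_banner "$banner")"
done

# Check the locally installed binary, if there is one on PATH.
if command -v exim >/dev/null 2>&1; then
    printf 'local exim -> %s\n' "$(classify_banner "$(exim -bV 2>/dev/null)")"
fi
```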