Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 10 Feb 2018 19:11:21 +0100
From: Heiko Schlittermann <hs@...marc.schlittermann.de>
To: oss-security@...ts.openwall.com
Subject: Exim 4.90.1 released. (Was: CVE-2018-6789 Exim 4.90 and earlier:
 buffer overflow)

We released Exim 4.90.1 just now.
---------------------------------

This is mainly a security release to fix CVE-2018-6789, a buffer
overflow in base64d(). Please update your systems to 4.90.1.  The
reporter of the bug claims to have a working exploit.  See
http://exim.org/static/doc/security/CVE-2018-6789.txt for the timeline.

This release contains some other important bug fixes since 4.90, but no
additional features. Please see the ChangeLog
ftp://ftp.exim.org/pub/exim/exim4/ChangeLog

The Distros should have built packages already.

The sources can be obtained directly from the Git repos

    git://git.exim.org/exim.git     tag: exim-4_90_1
    git://git.exim.org/exim.git     tag: exim-4_90_1

The tag is signed with my GPG key¹.

Alternativly you may fetch the tarballs from the mirrors listed
on 
    https://www.exim.org/mirmon/ftp_mirrors.html

or directly from

      ftp://ftp.exim.org/pub/exim/exim4/
    https://ftp.exim.org/pub/exim/exim4/

The tarballs are signed with my GPG key¹. Next to the tarballs you will
find a sha512sum.txt, in case you are happy with simple integrity check
only.

¹) If you get a "key expired" message, please refresh my key from
the public keyservers.

Thank you for using Exim.

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -

Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.