[Pkg-exim4-users] Critical Exim Security Vulnerability: disable chunking

Andreas Metzler ametzler at bebt.de
Sun Nov 26 07:11:58 UTC 2017


On 2017-11-25 Tim Landscheidt <tim at tim-landscheidt.de> wrote:
> Phil Pennock <pdp at exim.org> wrote:

>> […]

>> With immediate effect, please apply this workaround: if you are running
>> Exim 4.88 or newer (4.89 is current, 4.90 is upcoming) then in the main
>> section of your Exim configuration, set:

>> […]

> Just to clarify: Exim < 4.88 (for example Debian Jessie) is
> not affected?

Afaik, yes. Both bugs are triggered by BDAT codepaths. BDAT/CHUNKING
support was only introduced in 4.88.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'



More information about the Pkg-exim4-users mailing list