Remote root vulnerability in Exim

With followup at:

http://www.exim.org/lurker/message/2010 … d0.en.html">http://www.exim.org/lurker/message/20101210.164935.385e04d0.en.html

Debian lenny should be fixed on your next update/upgrade tango. Ubuntu 6.06, 8.04 and 9.10 are based on Exim <= 4.69 and MAY be vulnerable, although I haven't actually looked to see if they've been patched or tested. So, if you're running one of those versions, check your http://www.ubuntu.com/usn in the mornin'. RHEL has a fix pushed, so it should hit CentOS within 6-8 weeks.

http://www.ubuntu.com/usn/usn-1032-1

Ubuntu 9.10 and lower

I have two linodes with Centos.

Is it possible to apply the RHEL fix to Centos manually via downloading the rpm somewhere and apply it?

Any pointers would be great! thanks

@greenriver33:

Is it possible to apply the RHEL fix to Centos manually via downloading the rpm somewhere and apply it?

I believe so, but I haven't tested it.

However, Redhat only distributes the source RPMs for non-RHN subscribers, so you'll have to compile it yourself.

The source RPM is here: ~~[http://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/exim-4.63-5.el55.2.src.rpm" target="blank">](http://ftp.redhat.com/pub/redhat/linux/ … .2.src.rpm">http://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/exim-4.63-5.el5_5.2.src.rpm](

And CentOS wiki instructions on building a package from the source RPM: http://wiki.centos.org/HowTos/RebuildSRPM

Edit: Looks like the CentOS update's available now.

thanks Erasmus for the tip!