Support for security such as Firewalls and securing linux
- Posts: 56
- Joined: 2013/11/13 10:41:22
All versions of Exim previous to version 4.87 are now obsolete and everyone is very strongly recommended to upgrade to a current release. The last 3.x release was 3.36. It is obsolete and should not be used.
The current version is 4.87
In CentOs 6.X the last Exim avaiable is 4.72 who is a very old version. Also if is patched can have security issue, please upgrade it to the last.
Bug Issue reported to RedHat https://bugzilla.redhat.com/show_bug.cgi?id=1357417
- Forum Moderator
- Posts: 26936
- Joined: 2009/09/24 10:40:56
- Location: Brighton, UK
CentOS does not supply exim at all except in CentOS 5 which is nearly obsolete. You would need to report this to EPEL via bugzilla.redhat.com in the Fedora EPEL section. However, be aware that in common with RHEL/CentOS philosophy, exim from EPEL carries additional security patches on top of its notional version number and those fixes are detailed in the rpm changelog. I ran repoquery --changelog exim | less
but if you have it installed then you can just use rpm -q --changelog exim | less
Code: Select all
* Thu Jun 09 2016 Jaroslav Škarvada <firstname.lastname@example.org> - 4.84.2-3
- Allow configuration of user:group through sysconfig
* Mon Apr 18 2016 Jaroslav Škarvada <email@example.com> - 4.84.2-2
- Used sane environment defaults in default configuration
* Thu Mar 24 2016 Jaroslav Škarvada <firstname.lastname@example.org> - 4.84.2-1
- New version
- Fixed local privilege escalation for set-uid root when using perl_startup
* Fri Feb 12 2016 Jaroslav Škarvada <email@example.com> - 4.72-8
- Backported openssl_options to e.g. disable SSLv3
CentOS 5 died in March 2017 - migrate NOW!
CentOS 6 goes EOL sooner rather than later, get upgrading!
Full time Geek, part time moderator. Use the FAQ Luke