CentOS 6.X need upgrade the last Exim version. The actual last version is obsolete!

Support for security such as Firewalls and securing linux
Post Reply
User avatar
peopleinside
Posts: 56
Joined: 2013/11/13 10:41:22

CentOS 6.X need upgrade the last Exim version. The actual last version is obsolete!

Post by peopleinside » 2016/07/18 07:39:55

Hi,
from exim.org
All versions of Exim previous to version 4.87 are now obsolete and everyone is very strongly recommended to upgrade to a current release. The last 3.x release was 3.36. It is obsolete and should not be used.

The current version is 4.87
In CentOs 6.X the last Exim avaiable is 4.72 who is a very old version. Also if is patched can have security issue, please upgrade it to the last.
Bug Issue reported to RedHat https://bugzilla.redhat.com/show_bug.cgi?id=1357417

User avatar
TrevorH
Forum Moderator
Posts: 26936
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CentOS 6.X need upgrade the last Exim version. The actual last version is obsolete!

Post by TrevorH » 2016/07/18 07:50:33

CentOS does not supply exim at all except in CentOS 5 which is nearly obsolete. You would need to report this to EPEL via bugzilla.redhat.com in the Fedora EPEL section. However, be aware that in common with RHEL/CentOS philosophy, exim from EPEL carries additional security patches on top of its notional version number and those fixes are detailed in the rpm changelog. I ran repoquery --changelog exim | less but if you have it installed then you can just use rpm -q --changelog exim | less to see:

Code: Select all

* Thu Jun 09 2016 Jaroslav Škarvada <jskarvad@redhat.com> - 4.84.2-3
- Allow configuration of user:group through sysconfig
  Resolves: rhbz#1344250

* Mon Apr 18 2016 Jaroslav Škarvada <jskarvad@redhat.com> - 4.84.2-2
- Used sane environment defaults in default configuration
  Resolves: rhbz#1323775

* Thu Mar 24 2016 Jaroslav Škarvada <jskarvad@redhat.com> - 4.84.2-1
- New version
  Resolves: rhbz#1314118
- Fixed local privilege escalation for set-uid root when using perl_startup
  Resolves: CVE-2016-1531

* Fri Feb 12 2016 Jaroslav Škarvada <jskarvad@redhat.com> - 4.72-8
- Backported openssl_options to e.g. disable SSLv3
  Resolves: rhbz#1274822
CentOS 5 died in March 2017 - migrate NOW!
CentOS 6 goes EOL sooner rather than later, get upgrading!
Full time Geek, part time moderator. Use the FAQ Luke


Post Reply

Return to “CentOS 6 - Security Support”