pdp at exim
Jan 25, 2011, 7:47 PM
Post #1 of 1
-----BEGIN PGP SIGNED MESSAGE-----
Exim release 4.74 is now available from the primary ftp site:
This is primarily a security and bug-fix release. While NewStuff
and ChangeLog contain full details and README.UPDATING should be read,
the most notable changes since 4.73 are:
1. SECURITY FIX: CVE-2011-0017
+ Privilege escalation from exim run-time user to root
2. Using 4.73 without defining WHITELIST_D_MACROS and running a
daemon with a -D override would result in deliveries going
unlogged. Fixed to be robust in the face of this misconfiguration.
3. Log rotation with 4.73 was problematic as Exim disliked that
/dev/null was writeable. Perhaps a little too paranoid.
4. Support on some OSes for using dynamically loaded modules to
implement most external lookups. Intended for packagers, to
reduce runtime linking dependencies on the main Exim binary,
not for general purpose building.
There remain no known methods for an attacker to run code of their
choosing as the Exim run-time user in any release from 4.70 onwards.
In the event that such a method were discovered, then the ability
leverage such access to gain root would turn such problems into a
remote root exploit.
The website has not yet been updated to reflect the 4.74 release;
we're working through some process issues to complete that. We
apologise for any inconvenience caused in the meantime.
The primary ftp server is in Cambridge, England. There is a list of
The master ftp server is now ftp.exim.org.
The distribution files are signed with Phil Pennock's PGP key 0x3903637F
(uid pdp [at] exim; signed by Nigel Metheringham's PGP key DDC03262).
This key should be available from all modern PGP keyservers. The
detached ASCII signature files are in the same directory as the
tarbundles. The SHA1 hashes for the distribution files are:
The distribution contains an ASCII copy of the 4.74 manual and
other documents. Other formats of the documentation are also
The .bz2 versions of these tarbundles are also available.
The ChangeLog for this, and several previous releases, is included
in the distribution. Individual change log files are also available
on the ftp site, the current one being:-
Brief documentation for new features is available in the NewStuff
file in the distribution. Individual NewStuff files are also
available on the ftp site, the current one being:-
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
## List details at http://lists.exim.org/mailman/listinfo/exim-announce Exim details at http://www.exim.org/ ##