Status: RESOLVED


Background Information

On Monday, June 19, 2017, Qualys announced memory handling vulnerabilities in a number of software distributions, including a vulnerability that could leverage a bug in the Exim software to achieve a local privilege escalation to root.

 


 

Impact

Vulnerable versions of Exim can be susceptible to local privilege escalation to root.

 

Releases

TIER       VERSION
64         64.0.30
62         62.0.25
CURRENT    64.0.30
RELEASE    64.0.30
STABLE     64.0.30

 

How to determine if your server is up to date

The updated RPMs provided by cPanel will contain a changelog entry with the CVE number. You can check for this changelog entry with the following command:

    rpm -q --changelog exim | grep CVE-2017-1000369

The output should resemble the following:

    - Applied patch for CVE-2017-1000369


What to do if you are not up to date

If your server is not running one of the above versions, update immediately. 

To upgrade your server, use WHM's Upgrade to Latest Version interface (WHM >> Home >> cPanel >> Upgrade to Latest Version).

Alternatively, you can run the following commands to upgrade your server from the command line:

    /scripts/upcp
    /scripts/check_cpanel_rpms --fix --long-list

Verify the new Exim RPM was installed:

    rpm -q --changelog exim | grep CVE-2017-1000369

The output should resemble the following:

    - Applied patch for CVE-2017-1000369
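
The following is an added example, not part of cPanel's advisory or tooling. It combines the changelog check with the Releases table so that an audit script can tell an outdated server apart from one whose version is new enough but whose Exim RPM lacks the patch entry. The function names, verdict strings, and sample changelogs are hypothetical; it assumes the caller supplies the cPanel & WHM version in the form shown in the table and that later builds in a listed series keep the fix.

```shell
#!/bin/sh
# Added example (not cPanel's code): classify a host against this advisory.
CVE_ID="CVE-2017-1000369"

# Patched build for each major series, copied from the Releases table.
fixed_build_for() {
  case "$1" in
    64) echo "64.0.30" ;;
    62) echo "62.0.25" ;;
    *)  return 1 ;;
  esac
}

# version_ge A B: true when three-field dotted version A is >= B.
version_ge() (
  IFS=.
  set -- $1 $2          # $1..$3 = fields of A, $4..$6 = fields of B
  [ "$1" -ne "$4" ] && { [ "$1" -gt "$4" ]; exit; }
  [ "$2" -ne "$5" ] && { [ "$2" -gt "$5" ]; exit; }
  [ "$3" -ge "$6" ]
)

# exim_cve_status VERSION   (Exim RPM changelog text on stdin)
# Prints: patched | outdated | rpm-mismatch | unknown-series | bad-version
exim_cve_status() (
  version="$1"
  # The changelog entry is the advisory's own evidence that the fix is installed.
  if grep -q -- "$CVE_ID"; then echo patched; exit 0; fi
  printf '%s\n' "$version" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$' ||
    { echo bad-version; exit 2; }
  fixed="$(fixed_build_for "${version%%.*}")" || { echo unknown-series; exit 2; }
  # Assumption: builds at or above the listed one in a series carry the fix.
  if version_ge "$version" "$fixed"; then
    echo rpm-mismatch   # version is new enough, yet the RPM lacks the entry
  else
    echo outdated       # below the patched build: update as described above
  fi
  exit 1
)

# Constructed sample changelogs, not captured from a real server.
SAMPLE_PATCHED='* Mon Jun 19 2017 Packager <packager@example.com>
- Applied patch for CVE-2017-1000369'
SAMPLE_UNPATCHED='* Wed Mar 01 2017 Packager <packager@example.com>
- Updated to a newer upstream release'
```

On a server, pipe the real changelog into the function: `rpm -q --changelog exim | exim_cve_status <version>`. A non-zero exit status means the host needs attention.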

 
