4.92.3 exim update

[maxo-tt]

Hello,

as its said here Exim 4.92.3 security release [LWN.net]

All versions from (and including) 4.92 up to (and including) 4.92.2 are
vulnerable.

i got 4.92
[[email protected] ~]# exim --version |head -1
Exim version 4.92 #2

how to update exim to 4.92.3?

does cpanel has its way how to update exim server?

Thanks

 

[Infopro]

The changelog should be of some use to you:

84 Change Log - Change Logs - cPanel Documentation

documentation.cpanel.net

2019-09-28
[security] Fixed case CPANEL-29669: Updated Exim for CVE-2019-16928.

 

[maxo-tt]

The changelog should be of some use to you:

84 Change Log - Change Logs - cPanel Documentation

documentation.cpanel.net

2019-09-28
[security] Fixed case CPANEL-29669: Updated Exim for CVE-2019-16928.

that's ok, but i ask here another thing.

if i want to update EXIM to the latest version, how i do that? cpanel has his own method or make & install ?


to say with another words:
i just want to have latest exim installed on my server.

 

[Infopro]

cPanel updates will update EXIM for you as needed.

Running this command as root should prove useful:
whmapi1 installed_versions packages=1|grep exim

root [/]# whmapi1 installed_versions packages=1|grep exim
  exim: 4.92-4
    - exim-4.92-4.cp1180.x86_64
root [/]# _

 

[hicom]

Found the CVE on Cpanel KB: CVE-2019-15846 Exim - cPanel Knowledge Base - cPanel Documentation

It is strange though when contacting mail server through telnet, get the message:
220-host.domain.com ESMTP Exim 4.92 #2 Sun, 06 Oct 2019 15:07:14 -0400
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
quit

version 4.92 #2 even though >rpm -q exim states exim-4.92-4.cp1180.x86_64

 

[razortw]

Will cPanel release a proper update?
PCI scanners go crazy when they see that the version is Exim 4.92 #2.

This has been a pain in the butt actually and my customers are torturing me with their PCI reports.
They don't want to hear about false positives, they just want a 'Pass'.