Update Exim Version

monza · Nov 17, 2022

I have a client who pays for active cyber insurance for his business. The provider is requiring Exim 4.96 to be installed on the server for compliance. However, there is not one single version of cPanel that uses the latest version of EXIM. What are my options? Surely, I don't have to lose clients because cPanel is "insecure"!?!

cPRex · Nov 17, 2022

Hey there! I'm guessing you mean "4.96" instead of "1.96" for that version number.

cPanel 108, which is currently in the Edge tier, will have Exim 4.96 available. However, if your client is concerned about any specific CVE's or security issues, they have likely been backported to version 4.95 in versions 106 and 102.

Here is the output from an Edge server showing this:

Code:

[[email protected] ~]# /usr/local/cpanel/cpanel -V
107.9901 (build 459)
[[email protected] ~]# rpm -qa | grep -i exim
cpanel-exim-4.96-5.cp108~el8.x86_64

monza · Nov 18, 2022

cPRex said:
Hey there! I'm guessing you mean "4.96" instead of "1.96" for that version number.

cPanel 108, which is currently in the Edge tier, will have Exim 4.96 available. However, if your client is concerned about any specific CVE's or security issues, they have likely been backported to version 4.95 in versions 106 and 102.

Here is the output from an Edge server showing this:

Code:

[[email protected] ~]# /usr/local/cpanel/cpanel -V 107.9901 (build 459) [[email protected] ~]# rpm -qa | grep -i exim cpanel-exim-4.96-5.cp108~el8.x86_64

Obviously, I'm not going to run EDGE on a production server. If 4.95 has all CVE's backported from 4.96, I'm sure that would suffice. Is there documentation for this?

cPRex · Nov 18, 2022

Oh for sure you wouldn't want to run Edge in production, but that will be making its way through the tiers before the end of this year. In fact, it just got moved to Current yesterday.

There isn't necessarily documentation on this, but the RPM system can tell you. For example, if you run this command:

Code:

rpm -q cpanel-exim --changelog | grep CVE

you'll get a list of CVEs that have been patched. You can also perform other searches on the change log by adjusting the grep command.

monza · Dec 20, 2022

cPRex said:
Oh for sure you wouldn't want to run Edge in production, but that will be making its way through the tiers before the end of this year. In fact, it just got moved to Current yesterday.

There isn't necessarily documentation on this, but the RPM system can tell you. For example, if you run this command:

Code:

rpm -q cpanel-exim --changelog | grep CVE

you'll get a list of CVEs that have been patched. You can also perform other searches on the change log by adjusting the grep command.

Ok, the latest CVE was listed in the patch list, so I guess this will work for now.

Thread starter	Similar threads	Forum	Replies	Date
E	Update Exim Version from 4.96 to 4.97, on CPanel 110.0.5	Email	3	May 5, 2023
V	Exim version update to 4.93	Email	1	Jan 6, 2020
T	SOLVED [CPANEL-25561] Update EXIM to version 4.92	Email	5	Feb 14, 2019
G	error update cpanel : incompatble version of exim	Email	2	Aug 28, 2012
	Exim don't update to version 4.77	Email	2	Feb 26, 2012

Search

Search

Update Exim Version

monza

Member

cPRex

Jurassic Moderator

monza

Member

cPRex

Jurassic Moderator

monza

Member