
Status: Resolved

Background Information

On Sunday, December 25, 2016, Exim announced a vulnerability in versions 4.69 to 4.87 of the Exim software.

Impact

According to Exim development: "If several conditions are met, Exim leaks private information to a remote attacker."

Depending on configuration options for Exim, a domain's DKIM signing keys can be leaked to Exim log files. Additionally, if the EXPERIMENTAL_DSN_INFO=yes build flag is used, DKIM signing keys can be leaked to a remote attacker.

Exim log files are normally not readable by unprivileged users on cPanel & WHM systems. Additionally, cPanel & WHM does not provide an Exim installation with the EXPERIMENTAL_DSN_INFO=yes build flag and does not leak DKIM signing keys to remote attackers based on currently available information. As such, the most severe impacts of CVE-2016-9963 do not apply to cPanel & WHM systems.

Releases

The following versions of cPanel & WHM include the patched Exim RPM.

TIER      VERSION
62        62.0.1
60        60.0.31
58        58.0.41
56        56.0.41
54        54.0.34
EDGE      62.0.1
CURRENT   62.0.1
RELEASE   60.0.31
STABLE    60.0.31


How to determine if your server is up to date

The updated RPMs provided by cPanel will contain a changelog entry with the CVE number. You can check for this changelog entry with the following command:

```bash
rpm -q --changelog exim | grep CVE-2016-9963
```

The output should resemble the following:

```text
- Patch for CVE-2016-9963
```


What to do if you are not up to date

If your server is not running one of the versions listed above, update immediately.

To upgrade your server, use WHM's Upgrade to Latest Version interface (WHM >> Home >> cPanel >> Upgrade to Latest Version).

Alternatively, you can run the below commands to upgrade your server from the command line:

```bash
/scripts/upcp
/scripts/check_cpanel_rpms --fix --long-list
```

Verify the new Exim RPM was installed:

```bash
rpm -q --changelog exim | grep CVE-2016-9963
```

The output should resemble the following:

```text
- Patch for CVE-2016-9963
```
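The checks above can be scripted for a fleet audit. The following is an added example, not cPanel's own tooling: it compares a cPanel & WHM version string against the patched-version table above and tests `rpm -q --changelog exim` output for the CVE entry. It assumes that the version read from `/usr/local/cpanel/version` carries an `11.` prefix (which it strips), and that any tier not in the table is treated as unpatched.

```shell
#!/bin/sh
# Added example (not cPanel's own script): audit helpers for CVE-2016-9963.

# Minimum patched version for each release tier, from the advisory table.
min_patched_for_tier() {
    case "$1" in
        62) echo 62.0.1 ;;
        60) echo 60.0.31 ;;
        58) echo 58.0.41 ;;
        56) echo 56.0.41 ;;
        54) echo 54.0.34 ;;
        *)  return 1 ;;   # tier not covered by the table: treat as unpatched
    esac
}

# version_ge A B: exit 0 if dotted version A >= B, comparing field by field.
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=${a%%.*}; bi=${b%%.*}
        [ "$ai" = "$a" ] && a="" || a=${a#*.}
        [ "$bi" = "$b" ] && b="" || b=${b#*.}
        ai=${ai:-0}; bi=${bi:-0}          # missing trailing fields count as 0
        [ "$ai" -gt "$bi" ] && return 0
        [ "$ai" -lt "$bi" ] && return 1
    done
    return 0
}

# cpanel_patched VERSION: prints a verdict; exit 0 only if the version is patched.
# Assumption: /usr/local/cpanel/version reads like "11.62.0.1"; drop the "11." prefix.
cpanel_patched() {
    v="$1"
    case "$v" in 11.*) v=${v#11.} ;; esac
    tier=${v%%.*}
    if ! min=$(min_patched_for_tier "$tier"); then
        echo "unpatched: tier $tier is not in the patched list"; return 1
    fi
    if version_ge "$v" "$min"; then
        echo "patched: $v >= $min"; return 0
    fi
    echo "unpatched: $v < $min"; return 1
}

# exim_changelog_patched: reads `rpm -q --changelog exim` output on stdin;
# exit 0 if the CVE changelog entry is present.
exim_changelog_patched() {
    grep -q 'CVE-2016-9963'
}
```

On a live server, run `cpanel_patched "$(cat /usr/local/cpanel/version)"` and `rpm -q --changelog exim | exim_changelog_patched`; both must succeed for the host to count as patched.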
