summaryrefslogtreecommitdiff
path: root/doc/doc-txt
diff options
context:
space:
mode:
authorHeiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>2016-12-22 12:01:16 +0100
committerHeiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>2016-12-22 12:01:38 +0100
commit7b61e16cf87fd6e648e630d3119bcc5b1fbde145 (patch)
tree21c330152e9803012375a42625b8a9ae439980be /doc/doc-txt
parent57091745e6d5ce4259c645b3ac63838668d55b7f (diff)
Doc: clarify CVE-2016-9963
Diffstat (limited to 'doc/doc-txt')
-rw-r--r--doc/doc-txt/cve-2016-966313
1 files changed, 11 insertions, 2 deletions
diff --git a/doc/doc-txt/cve-2016-9663 b/doc/doc-txt/cve-2016-9663
index ae85a73cb..ffff3db52 100644
--- a/doc/doc-txt/cve-2016-9663
+++ b/doc/doc-txt/cve-2016-9663
@@ -60,8 +60,8 @@ Fix
Install a fixed Exim version:
- 4.88 (available soon)
- 4.87.1 (available soon)
+ 4.88
+ 4.87.1
If you can't install one of the above versions, ask your package
maintainer for a version containing the backported fix. On request and
@@ -69,6 +69,11 @@ depending on our resources we will support you in backporting the fix.
(Please note, that Exim project officially doesn't support versions
prior the current stable version.)
+If you think that you MIGHT be affected, we HIGHLY recommend to create
+a new set of DKIM keys and fade out the previous DKIM key soon to make
+sure that a possibly leaked DKIM key can not be misused in the future.
+
+
Workaround
==========
@@ -84,3 +89,7 @@ You can check if you where affected already. The mainlog entries look like this:
2016-12-17 09:44:33 10HmaX-0005vi-00 ** baduser@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: PRDR error after -----BEGIN RSA PRIVATE KEY-----\nMIICXQIBAAKBgQDXRFf+VhT+lCgFhhSkinZKcFNeRzjYdW8vT29Rbb3NadvTFwAd\n+cVLPFwZL8H5tUD/7JbUPqNTCPxmpgIL+V5T4tEZMorHatvvUM2qfcpQ45IfsZ+Y\ndhbIiAslHCpy4xNxIR3zylgqRUF4+Dtsaqy3a5LhwMiKCLrnzhXk1F1hxwIDAQAB\nAoGAZPokJKQQmRK6a0zn5f8lWemy0airG66KhzDF0Pafb/nWKgDCB02gpJgdw5rJ\nbO7/HI3IeqsfRdYTP7tjfmZtPiPo1mnF7D1rSRspZjOF2yXY/ky7t7c5xChRcSxf\n+69CknwjrfteY9Aj0j6o7N+2w2uvHO+AAq8BHDgXKmPo0SECQQDzQ/glyhNH9tlO\nx+3TTMwwyZUf2mYYosN3Q9NIl3Umz/3+13K5b6Ed6fZvS/XwU55Qf5IBUVj2Fujk\nRv2lbGPpAkEA4okpnzYz5nm1X5WjpJPQPyo8nGEU1A5QfoDbkAvWYvVoYrpWPOx5\nHFpOAHkvSk1Y1vhCUa+zHwiQRBC8OMp6LwJBAOAUK/AjQ792UpWO9DM++pe2F/dP\nZdwrkYG6qFSlrvQhgwXLz5GgkfjMGoRKpDDL1XixCfzMwfVtBPnBqsNGJIECQGYX\nSIGu7L7edMXJ60C9OKluwHf9LGTQuqf4LHsDSq+4Rz3PGhREwePsMqD1/EDxEKt4\noHKtyvyeYF28aQbzARMCQQCRtJlR6vlKhxYL8+xoPrCu3MijKgVruRUcNstXkDZK\nfKQax6vhiMq+0qIiEwLA1wavyLVKZ7Mfag+/4NTcDUVC\n-----END RSA PRIVATE KEY-----\n: 550 PRDR R=<baduser@test.ex> refusal
+Even if there is no evidence in the existing log files, that a DKIM key
+leakage happened this might have happened in the past, log files might
+have been deleted already but a key leak could have ended up via mail
+bounce in a user mail box