Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 27 subscribers
  • Views 1563 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG affected of CVE-2019-10149. When will it be fixed?

HuberChristian

According to latest news, there seems to be a Critical Bug in EXIM Version from Version 4.87 to (and including) version 4.91.
Latest Sophos XG 17.5.5 uses EXIM 4.91 which seems to be vulnerable.

Maybe somebody of Sophos Staff could give us additional Information about this issue. I'd be interessted to know whether Sophos
plans to fix this bug immediatedly or whether it will take even Weeks or Month until this issue will be solved.

If Sophos does not plan to act immediatedly, it would be nice to know whether there is a Workarround about this... (Disabling Email Protection is definitely not accepted as a Workarround ;-) )

More Infos about the issue: https://www.tenable.com/blog/cve-2019-10149-critical-remote-command-execution-vulnerability-discovered-in-exim



This thread was automatically locked due to age.
Parents
  • 0

    Wow! I'm really surprised. There is a propper KB about this that I have missed in my Research so far.

    https://community.sophos.com/kb/en-us/134199

    Well done!

    Edit: In KB, there is no Information about whether Sophos UTM is affected of this issue. According my Informations, Sophos UTM 9.602 uses EXIM Version 4.82 which should not be affected. Maybe anybody of Sophos Staff can acknowledge?

    Edit2: According EXIM Developers, 4.82 is outdated and should not be used anywhere... ?

Reply
  • 0

    Wow! I'm really surprised. There is a propper KB about this that I have missed in my Research so far.

    https://community.sophos.com/kb/en-us/134199

    Well done!

    Edit: In KB, there is no Information about whether Sophos UTM is affected of this issue. According my Informations, Sophos UTM 9.602 uses EXIM Version 4.82 which should not be affected. Maybe anybody of Sophos Staff can acknowledge?

    Edit2: According EXIM Developers, 4.82 is outdated and should not be used anywhere... ?

Children
No Data