[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: 'exim', version '4.69', is out of date

On Tue, 08 Dec 2009 17:48:24 -0500, Paul Cartwright wrote:

> On Tue December 8 2009, Camaleón wrote:
>> I'd say you have installed an application (rkhunter?) to detect any
>> possible hole in the system that is detecting outdated versions of the
>> above services.
> Yes, I use rkhunter, that was an rkhunter log message.
>> For example, the latest available version for Exim is 4.71, but I
>> suppose that having installed a previous version does not mean "per se"
>> to be in risk.
> I update my Debian Lenny system daily, and that is my issue. If 4.71 is
> available, why isn't it available to Lenny, or is this an rkhunter
> failing?

I think nor Lenny nor Rkhunter are "failing". I'll try to explain:

- Debian Lenny (stable) is not a "rolling-update" distribution. So once 
is released, it won't update packages just because there is a newer 
version available "upstream". Lenny just get updated packages when there 
is a security patch available for each of them. That is, "officially" you 
will get only security updates. Whenever a new version of any package is 
available (just the case of Exim) you can install it "by hand" and at 
your own risk (by compiling, by using a backport repository, by 
donwloading .deb file, etc...).

- Rkhunter is just doing its job: it advices you there is a newer version 
available for those packages and that's right. Is up to you upgrading 
them or not.

I, personally, would not take any step :-)

>> Just follow the advice suggested by the program and take a look into "/
>> var/log/rkhunter.log" to get more information (if any).
> basically that's what the rkhunter log says, the packages are out of
> date. But they AREN'T out of date for lenny. SO, is this a Debian Lenny
> issue, of not updating to Exim 4.71, or an rkhunter issue for telling my
> that even though I can't update to  this version, I should beware?

No one's fail. 

Juts remember that upgrading a package is not a easy task: many things 
can fail (other packages can depend on just one package, Exim, by 
instance)and that is the reason why stable  versions are not upgraded "in 
place". Just security patches are included by default.



Reply to: