Feeds

Actualités informatiques

DSA-4517 exim4

Debian Security Advisory

DSA-4517-1 exim4 -- security update

Date Reported:
06 Sep 2019
Affected Packages:
exim4
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2019-15846.
More information:

"Zerons" and Qualys discovered that a buffer overflow triggerable in the TLS negotiation code of the Exim mail transport agent could result in the execution of arbitrary code with root privileges.

For the oldstable distribution (stretch), this problem has been fixed in version 4.89-2+deb9u6.

For the stable distribution (buster), this problem has been fixed in version 4.92-8+deb10u2.

We recommend that you upgrade your exim4 packages.

For the detailed security status of exim4 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/exim4