UbuntuUpdates.org

Package "exim4"

Name: exim4

Description:

metapackage to ease Exim MTA (v4) installation
Latest version: 4.93-13ubuntu1.12
Release: focal (20.04)
Level: security
Repository: main
Homepage: https://www.exim.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "exim4"

All arch deb package
APT INSTALL

Other versions of "exim4" in Focal

Repository Area Version
base main 4.93-13ubuntu1
security universe 4.93-13ubuntu1.12
updates universe 4.93-13ubuntu1.12
updates main 4.93-13ubuntu1.12

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 4.93-13ubuntu1.12 2024-07-31 21:07:05 UTC

  exim4 (4.93-13ubuntu1.12) focal-security; urgency=medium

  * SECURITY UPDATE: Multiline header filename parsing issue
    - debian/patches/CVE-2024-39929-*.patch: Fix MIME parsing of filenames
      specified using multiple parameters.
    - CVE-2024-39929

 -- Fabian Toepfer <email address hidden> Tue, 30 Jul 2024 21:25:41 +0200
Source diff to previous version
CVE-2024-39929 Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protecti

Version: 4.93-13ubuntu1.11 2024-07-09 12:07:06 UTC

  exim4 (4.93-13ubuntu1.11) focal-security; urgency=medium

  * SECURITY UPDATE: response injection (buffering)
    - debian/patches/CVE-2021-38371.patch: Enforce STARTTLS sync point,
      client side
    - CVE-2021-38371

 -- Shishir Subedi <email address hidden> Thu, 27 Jun 2024 11:52:17 +0545
Source diff to previous version
CVE-2021-38371 The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending.

Version: 4.93-13ubuntu1.10 2024-01-29 12:10:21 UTC

  exim4 (4.93-13ubuntu1.10) focal-security; urgency=medium

  * SECURITY UPDATE: SMTP smuggling
    - debian/patches/CVE-2023-51766-1.patch: Reject "dot, LF" as
      ending data phase in src/receive.c, src/smtp_in.c.
    - debian/patches/CVE-2023-51766-2.patch: use enum for body data
      input state-machine in src/receive.c.
    - debian/patches/CVE-2023-51766-3.patch: fix in src/receive.c.
    - CVE-2023-51766

 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 11 Jan 2024 10:28:33 -0300
Source diff to previous version
CVE-2023-51766 Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique t

Version: 4.93-13ubuntu1.9 2023-10-27 00:07:27 UTC

  exim4 (4.93-13ubuntu1.9) focal-security; urgency=medium

  * SECURITY UPDATE: remote code execution
    - debian/patches/CVE-2023-42117.patch: fixed string_is_ip_address()
      in string.c
    - CVE-2023-42117
  * SECURITY UPDATE: information disclosure
    - debian/patches/CVE-2023-42119.patch: hardened dnsdb.c against
      crafted DNS responses.
    - CVE-2023-42119

 -- Allen Huang <email address hidden> Wed, 25 Oct 2023 01:39:47 +0100
Source diff to previous version
CVE-2023-42117 Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability
CVE-2023-42119 Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability

Version: 4.93-13ubuntu1.8 2023-10-04 15:11:47 UTC

  exim4 (4.93-13ubuntu1.8) focal-security; urgency=medium

  * SECURITY UPDATE: information disclosure
    - debian/patches/CVE-2023-42114.patch: fix possible OOB read in
      SPA authenticator
    - CVE-2023-42114
  * SECURITY UPDATE: remote code execution
    - debian/patches/CVE-2023-42115.patch: fix possible OOB write in
      external authenticator
    - CVE-2023-42115
  * SECURITY UPDATE: remote code execution
    - debian/patches/CVE-2023-42116.patch: fix possible OOB write in
      SPA authenticator
    - CVE-2023-42116
  * debian/patches/CVE-2023-42114_15_16.patch:
    - use uschar more in spa authenticator

 -- Allen Huang <email address hidden> Mon, 02 Oct 2023 17:21:29 +0100
CVE-2023-42114 Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2023-42115 Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2023-42116 Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability


About   -   Send Feedback to @ubuntu_updates