UbuntuUpdates.org

Package "exim4-config"

Name: exim4-config

Description:

configuration for the Exim MTA (v4)

Latest version: 4.93-13ubuntu1.12
Release: focal (20.04)
Level: security
Repository: main
Head package: exim4
Homepage: https://www.exim.org/

Links


Download "exim4-config"


Other versions of "exim4-config" in Focal

Repository Area Version
base main 4.93-13ubuntu1
updates main 4.93-13ubuntu1.12

Changelog

Version: 4.93-13ubuntu1.7 2022-11-24 15:06:29 UTC

  exim4 (4.93-13ubuntu1.7) focal-security; urgency=medium

  * SECURITY UPDATE: use after free in regex handler
    - debian/patches/CVE-2022-3559-1.patch: properly clear references in
      src/exim.c, src/expand.c, src/functions.h, src/globals.c,
      src/regex.c, src/smtp_in.c.
    - debian/patches/CVE-2022-3559-2.patch: fix non-WITH_CONTENT_SCAN build
      in src/exim.c, src/regex.c.
    - debian/patches/CVE-2022-3559-3.patch: fix non-WITH_CONTENT_SCAN build
      in src/exim.c, src/functions.h, src/globals.h, src/regex.c,
      src/smtp_in.c.
    - debian/patches/CVE-2022-3559-4.patch: fix non-WITH_CONTENT_SCAN build
      in src/expand.c.
    - CVE-2022-3559

 -- Marc Deslauriers <email address hidden> Wed, 23 Nov 2022 10:54:36 -0500

Source diff to previous version
CVE-2022-3559 A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manip

Version: 4.93-13ubuntu1.6 2022-08-22 12:07:13 UTC

  exim4 (4.93-13ubuntu1.6) focal-security; urgency=medium

  * SECURITY UPDATE: Heap-based buffer overflow
    - debian/patches/CVE-2022-37452.patch: Fix host_name_lookup
      in src/host.c.
    - CVE-2022-37452

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 17 Aug 2022 08:04:06 -0300

Source diff to previous version
CVE-2022-37452 Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.

Version: 4.93-13ubuntu1.5 2021-05-04 15:07:15 UTC

  exim4 (4.93-13ubuntu1.5) focal-security; urgency=medium

  * SECURITY UPDATE: Multiple security issues
    - debian/patches/sec-202105/*.patch: backport patches from upstream to
      correct issues.
    - CVE-2020-28007, CVE-2020-28008, CVE-2020-28009, CVE-2020-28010,
      CVE-2020-28011, CVE-2020-28012, CVE-2020-28013, CVE-2020-28014,
      CVE-2020-28015, CVE-2020-28016, CVE-2020-28017, CVE-2020-28018,
      CVE-2020-28019, CVE-2020-28021, CVE-2020-28022, CVE-2020-28023,
      CVE-2020-28024, CVE-2020-28025, CVE-2020-28026, CVE-2021-27216

 -- Marc Deslauriers <email address hidden> Wed, 28 Apr 2021 09:19:17 -0400

Source diff to previous version

Version: 4.93-13ubuntu1.1 2020-05-19 14:06:35 UTC

  exim4 (4.93-13ubuntu1.1) focal-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2020-12783-*.patch: fix SPA
      authenticator, checking client-supplied data before using it
      in src/auths/spa.c, src/auths/spa-spa.c.
    - CVE-2020-12783

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 14 May 2020 10:29:45 -0300

CVE-2020-12783 Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/aut



About   -   Send Feedback to @ubuntu_updates