Package "exim4-dev"
| Name: |
exim4-dev
|
Description: |
header files for the Exim MTA (v4) packages
|
| Latest version: |
4.95-4ubuntu2.6 |
| Release: |
jammy (22.04) |
| Level: |
security |
| Repository: |
main |
| Head package: |
exim4 |
| Homepage: |
https://www.exim.org/ |
Links
Download "exim4-dev"
Other versions of "exim4-dev" in Jammy
Changelog
|
exim4 (4.95-4ubuntu2.6) jammy-security; urgency=medium
* SECURITY UPDATE: Multiline header filename parsing issue
- debian/patches/CVE-2024-39929-*.patch: Fix MIME parsing of filenames
specified using multiple parameters.
- CVE-2024-39929
-- Fabian Toepfer <email address hidden> Tue, 30 Jul 2024 21:25:34 +0200
|
| Source diff to previous version |
| CVE-2024-39929 |
Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protecti |
|
|
exim4 (4.95-4ubuntu2.5) jammy-security; urgency=medium
* SECURITY UPDATE: SMTP smuggling
- debian/patches/CVE-2023-51766-1.patch: Reject "dot, LF" as
ending data phase in src/receive.c, src/smtp_in.c.
- debian/patches/CVE-2023-51766-2.patch: use enum for body data
input state-machine in src/receive.c.
- debian/patches/CVE-2023-51766-3.patch: fix in src/receive.c.
- CVE-2023-51766
-- Leonidas Da Silva Barbosa <email address hidden> Thu, 11 Jan 2024 10:16:58 -0300
|
| Source diff to previous version |
| CVE-2023-51766 |
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique t |
|
|
exim4 (4.95-4ubuntu2.4) jammy-security; urgency=medium
* SECURITY UPDATE: remote code execution
- debian/patches/CVE-2023-42117.patch: fixed string_is_ip_address()
in string.c
- CVE-2023-42117
* SECURITY UPDATE: information disclosure
- debian/patches/CVE-2023-42119.patch: hardened dnsdb.c against
crafted DNS responses.
- CVE-2023-42119
-- Allen Huang <email address hidden> Wed, 25 Oct 2023 01:36:57 +0100
|
| Source diff to previous version |
| CVE-2023-42117 |
Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability |
| CVE-2023-42119 |
Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability |
|
|
exim4 (4.95-4ubuntu2.3) jammy-security; urgency=medium
* SECURITY UPDATE: information disclosure
- debian/patches/CVE-2023-42114.patch: fix possible OOB read in
SPA authenticator
- CVE-2023-42114
* SECURITY UPDATE: remote code execution
- debian/patches/CVE-2023-42115.patch: fix possible OOB write in
external authenticator
- CVE-2023-42115
* SECURITY UPDATE: remote code execution
- debian/patches/CVE-2023-42116.patch: fix possible OOB write in
SPA authenticator
- CVE-2023-42116
* debian/patches/CVE-2023-42114_15_16.patch:
- use uschar more in spa authenticator
-- Allen Huang <email address hidden> Mon, 02 Oct 2023 17:10:42 +0100
|
| Source diff to previous version |
| CVE-2023-42114 |
Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-42115 |
Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2023-42116 |
Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability |
|
|
exim4 (4.95-4ubuntu2.2) jammy-security; urgency=medium
* SECURITY UPDATE: use after free in regex handler
- debian/patches/CVE-2022-3559-1.patch: properly clear references in
src/exim.c, src/expand.c, src/functions.h, src/globals.c,
src/regex.c, src/smtp_in.c.
- debian/patches/CVE-2022-3559-2.patch: fix non-WITH_CONTENT_SCAN build
in src/exim.c, src/regex.c.
- debian/patches/CVE-2022-3559-3.patch: fix non-WITH_CONTENT_SCAN build
in src/exim.c, src/functions.h, src/globals.h, src/regex.c,
src/smtp_in.c.
- debian/patches/CVE-2022-3559-4.patch: fix non-WITH_CONTENT_SCAN build
in src/expand.c.
- CVE-2022-3559
-- Marc Deslauriers <email address hidden> Wed, 23 Nov 2022 10:53:26 -0500
|
| CVE-2022-3559 |
A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manip |
|
About
-
Send Feedback to @ubuntu_updates
