UbuntuUpdates.org

Package "exim4-daemon-heavy"

Name: exim4-daemon-heavy

Description:

Exim MTA (v4) daemon with extended features, including exiscan-acl
Latest version: 4.97-4ubuntu4.4
Release: noble (24.04)
Level: updates
Repository: main
Head package: exim4
Homepage: https://www.exim.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "exim4-daemon-heavy"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "exim4-daemon-heavy" in Noble

Repository Area Version
base main 4.97-4ubuntu4
security main 4.97-4ubuntu4.4

Changelog

Version: 4.97-4ubuntu4.4 2026-05-04 15:35:40 UTC

  exim4 (4.97-4ubuntu4.4) noble-security; urgency=medium

  * SECURITY UPDATE: Multiple security issues
    - debian/patches/CVE-2026-4068*.patch: backported upstream fixes.
    - CVE-2026-40685 - Possible OOB read/write on corrupt JSON in header
    - CVE-2026-40686 - Possible OOB read with large UTF8 trailing chars
    - CVE-2026-40687 - Possible OOB read/write with SPA authenticator

 -- Marc Deslauriers <email address hidden> Wed, 29 Apr 2026 13:16:58 -0400
Source diff to previous version
CVE-2026-4068 The Add Custom Fields to Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.3. This is
CVE-2026-40685 In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrus
CVE-2026-40686 In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present (malformed UTF-
CVE-2026-40687 In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes

Version: 4.97-4ubuntu4.3 2025-03-26 20:07:07 UTC

  exim4 (4.97-4ubuntu4.3) noble-security; urgency=medium

  * SECURITY UPDATE: use-after-free security issue
    - debian/patches/CVE-2025-30232.patch: null out debug_pretrigger_buf
      pointer before freeing the buffer in src/debug.c.
    - CVE-2025-30232

 -- Marc Deslauriers <email address hidden> Fri, 21 Mar 2025 10:14:44 -0400
Source diff to previous version

Version: 4.97-4ubuntu4.2 2024-12-11 22:06:51 UTC

  exim4 (4.97-4ubuntu4.2) noble; urgency=medium

  * d/p/lp2077893-*.patch: Fix crashes due to memory allocation when using
    PCRE2 (LP: #2077893).
  * d/control: Add libnsl-dev dependency for exim4-daemon-heavy (LP: #2084391).

 -- Lena Voytek <email address hidden> Wed, 16 Oct 2024 15:31:42 -0700
Source diff to previous version
2077893 Current exim version have crashes inside PCRE2 lib
2084391 apt build-dep exim4-daemon-heavy omits libnsl-dev

Version: 4.97-4ubuntu4.1 2024-07-31 23:07:13 UTC

  exim4 (4.97-4ubuntu4.1) noble-security; urgency=medium

  * SECURITY UPDATE: Multiline header filename parsing issue
    - debian/patches/CVE-2024-39929-*.patch: Fix MIME parsing of filenames
      specified using multiple parameters.
    - CVE-2024-39929

 -- Fabian Toepfer <email address hidden> Tue, 30 Jul 2024 21:17:37 +0200
CVE-2024-39929 Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protecti


About   -   Send Feedback to @ubuntu_updates