Package "exim4"

Name: exim4


metapackage to ease Exim MTA (v4) installation

Latest version: 4.76-3ubuntu3.4
Release: precise (12.04)
Level: security
Repository: main
Homepage: http://www.exim.org/


Download "exim4"

Other versions of "exim4" in Precise

Repository Area Version
base main 4.76-3ubuntu3
updates main 4.76-3ubuntu3.4

Packages in group

Deleted packages are displayed in grey.


Version: 4.76-3ubuntu3.4 2017-01-05 19:06:50 UTC

  exim4 (4.76-3ubuntu3.4) precise-security; urgency=medium

  * SECURITY UPDATE: DKIM information leakage
    - debian/patches/CVE-2016-9963.patch: fix information leakage in
      src/dkim.c, src/transports/smtp.c.
    - CVE-2016-9963

 -- Marc Deslauriers <email address hidden> Thu, 05 Jan 2017 08:52:13 -0500

Source diff to previous version
CVE-2016-9963 disclosure of private information

Version: 4.76-3ubuntu3.3 2016-03-15 13:07:01 UTC

  exim4 (4.76-3ubuntu3.3) precise-security; urgency=medium

  * SECURITY UPDATE: privilege escalation via crafted lookup value
    - debian/patches/CVE-2014-2972.patch: only expand integers for integer
      math once.
    - CVE-2014-2972
  * SECURITY UPDATE: privilege escalation when used with perl_startup
    - debian/patches/CVE-2016-1531.patch: add new add_environment and
      keep_environment configuration options.
    - debian/patches/CVE-2016-1531-2.patch: don't issue env warning if env
      is empty.
    - debian/patches/CVE-2016-1531-3.patch: store the initial working
      directory, expand $initial_cwd.
    - debian/patches/CVE-2016-1531-4.patch: delay chdir(/) until we opened
      the main config.
      new options. Set "keep_environment =" by default to avoid a runtime
    - Bump exim4-config Breaks to exim4-daemon-* (<< 4.76-3ubuntu3.3).
    - debian/exim4-config.NEWS: Add entry to warn of potential breakage.
    - CVE-2016-1531
  * WARNING: This update may break existing installations.

 -- Marc Deslauriers <email address hidden> Mon, 14 Mar 2016 13:18:20 -0400

Source diff to previous version
CVE-2014-2972 expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a
CVE-2016-1531 privilege escalation

Version: 4.76-3ubuntu3.1 2012-10-26 13:06:59 UTC

  exim4 (4.76-3ubuntu3.1) precise-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via dns decode logic
    - debian/patches/CVE-2012-5671.patch: adjust max length and validate
      against it in src/pdkim/pdkim.h, src/dkim.c.
    - CVE-2012-5671
 -- Marc Deslauriers <email address hidden> Thu, 25 Oct 2012 08:26:32 -0400

CVE-2012-5671 exim4 heap overflow

About   -   Send Feedback to @ubuntu_updates