UbuntuUpdates.org

Package "exim4-daemon-heavy-dbg"

Name: exim4-daemon-heavy-dbg

Description:

debugging symbols for the Exim MTA "heavy" daemon

Latest version: 4.82-3ubuntu2.4
Release: trusty (14.04)
Level: security
Repository: main
Head package: exim4
Homepage: http://www.exim.org/

Other versions of "exim4-daemon-heavy-dbg" in Trusty

Repository  Area  Version
base        main  4.82-3ubuntu2
updates     main  4.82-3ubuntu2.4

Changelog

Version: 4.82-3ubuntu2.4 2018-02-12 17:06:24 UTC

  exim4 (4.82-3ubuntu2.4) trusty-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow in base64d()
    - debian/patches/CVE-2018-6789.patch: fix overflow in
      src/auths/b64decode.c.
    - CVE-2018-6789

 -- Marc Deslauriers <email address hidden> Sat, 10 Feb 2018 14:19:43 -0500

CVE-2018-6789 An issue was discovered in the SMTP listener in Exim 4.90 and earlier. By sending a handcrafted message, a buffer overflow may happen in a specific f

Version: 4.82-3ubuntu2.3 2017-06-19 16:06:25 UTC

  exim4 (4.82-3ubuntu2.3) trusty-security; urgency=medium

  * SECURITY UPDATE: memory leak
    - debian/patches/CVE-2017-1000368.patch: free -p argument if
      allocation was required.
    - CVE-2017-1000368

 -- Steve Beattie <email address hidden> Fri, 02 Jun 2017 22:44:35 -0700

CVE-2017-1000 RESERVED

Version: 4.82-3ubuntu2.2 2017-01-05 19:06:52 UTC

  exim4 (4.82-3ubuntu2.2) trusty-security; urgency=medium

  * SECURITY UPDATE: DKIM information leakage
    - debian/patches/CVE-2016-9963.patch: fix information leakage in
      src/dkim.c, src/transports/smtp.c.
    - CVE-2016-9963

 -- Marc Deslauriers <email address hidden> Thu, 05 Jan 2017 08:31:06 -0500

CVE-2016-9963 disclosure of private information

Version: 4.82-3ubuntu2.1 2016-03-15 18:06:42 UTC

  exim4 (4.82-3ubuntu2.1) trusty-security; urgency=medium

  * SECURITY UPDATE: privilege escalation via crafted lookup value
    - debian/patches/CVE-2014-2972.patch: only expand integers for integer
      math once.
    - CVE-2014-2972
  * SECURITY UPDATE: privilege escalation when used with perl_startup
    - debian/patches/CVE-2016-1531.patch: add new add_environment and
      keep_environment configuration options.
    - debian/patches/CVE-2016-1531-2.patch: don't issue env warning if env
      is empty.
    - debian/patches/CVE-2016-1531-3.patch: store the initial working
      directory, expand $initial_cwd.
    - debian/patches/CVE-2016-1531-4.patch: delay chdir(/) until we opened
      the main config.
    - Add macros MAIN_KEEP_ENVIRONMENT and MAIN_ADD_ENVIRONMENT to set the
      new options. Set "keep_environment =" by default to avoid a runtime
      warning.
    - Bump exim4-config Breaks to exim4-daemon-* (<< 4.82-3ubuntu2.1).
    - debian/exim4-config.NEWS: Add entry to warn of potential breakage.
    - CVE-2016-1531
  * WARNING: This update may break existing installations.

 -- Marc Deslauriers <email address hidden> Mon, 14 Mar 2016 12:57:00 -0400

CVE-2014-2972 expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a
CVE-2016-1531 privilege escalation


