UbuntuUpdates.org

Package "eximon4"

Name: eximon4

Description:

monitor application for the Exim MTA (v4) (X11 interface)

Latest version: 4.96-17ubuntu2.2
Release: mantic (23.10)
Level: updates
Repository: universe
Head package: exim4
Homepage: https://www.exim.org/

Links


Download "eximon4"


Other versions of "eximon4" in Mantic

Repository Area Version
base universe 4.96-17ubuntu2
security universe 4.96-17ubuntu2.2

Changelog

Version: 4.96-17ubuntu2.2 2024-01-29 14:09:52 UTC

  exim4 (4.96-17ubuntu2.2) mantic-security; urgency=medium

  * SECURITY UPDATE: SMTP smuggling
    - debian/patches/CVE-2023-51766-1.patch: Reject "dot, LF" as
      ending data phase in src/receive.c, src/smtp_in.c.
    - debian/patches/CVE-2023-51766-2.patch: use enum for body data
      input state-machine in src/receive.c.
    - debian/patches/CVE-2023-51766-3.patch: fix in src/receive.c.
    - CVE-2023-51766

 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 11 Jan 2024 12:40:18 -0300

Source diff to previous version
CVE-2023-51766 Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique t

Version: 4.96-17ubuntu2.1 2023-10-27 01:10:04 UTC

  exim4 (4.96-17ubuntu2.1) mantic-security; urgency=medium

  * SECURITY UPDATE: remote code execution
    - debian/patches/CVE-2023-42117.patch: fixed string_is_ip_address()
      in string.c
    - CVE-2023-42117
  * SECURITY UPDATE: information disclosure
    - debian/patches/CVE-2023-42119.patch: hardened dnsdb.c against
      crafted DNS responses.
    - CVE-2023-42119

 -- Allen Huang <email address hidden> Wed, 25 Oct 2023 01:21:02 +0100

CVE-2023-42117 Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability
CVE-2023-42119 Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability



About   -   Send Feedback to @ubuntu_updates