UbuntuUpdates.org

Package "exim4"

Name: exim4

Description: metapackage to ease Exim MTA (v4) installation

Latest version: 4.90.1-1ubuntu1.10
Release: bionic (18.04)
Level: updates
Repository: main
Homepage: https://www.exim.org/

Other versions of "exim4" in Bionic

Repository  Area      Version
base        main      4.90.1-1ubuntu1
base        universe  4.90.1-1ubuntu1
security    main      4.90.1-1ubuntu1.10
security    universe  4.90.1-1ubuntu1.10
updates     universe  4.90.1-1ubuntu1.10

Changelog

Version: 4.90.1-1ubuntu1.10 2022-11-24 17:07:21 UTC

  exim4 (4.90.1-1ubuntu1.10) bionic-security; urgency=medium

  * SECURITY UPDATE: use after free in regex handler
    - debian/patches/CVE-2022-3559-1.patch: properly clear references in
      src/exim.c, src/expand.c, src/functions.h, src/globals.c,
      src/regex.c, src/smtp_in.c.
    - debian/patches/CVE-2022-3559-2.patch: fix non-WITH_CONTENT_SCAN build
      in src/exim.c, src/regex.c.
    - debian/patches/CVE-2022-3559-3.patch: fix non-WITH_CONTENT_SCAN build
      in src/exim.c, src/functions.h, src/globals.h, src/regex.c,
      src/smtp_in.c.
    - debian/patches/CVE-2022-3559-4.patch: fix non-WITH_CONTENT_SCAN build
      in src/expand.c.
    - CVE-2022-3559

 -- Marc Deslauriers <email address hidden> Wed, 23 Nov 2022 10:55:59 -0500

CVE-2022-3559 A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manip

Version: 4.90.1-1ubuntu1.9 2022-08-22 12:07:09 UTC

  exim4 (4.90.1-1ubuntu1.9) bionic-security; urgency=medium

  * SECURITY UPDATE: Heap-based buffer overflow
    - debian/patches/CVE-2022-37452.patch: Fix host_name_lookup
      in src/host.c.
    - CVE-2022-37452

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 17 Aug 2022 08:12:18 -0300

CVE-2022-37452 Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.

Version: 4.90.1-1ubuntu1.8 2021-05-04 16:06:36 UTC

  exim4 (4.90.1-1ubuntu1.8) bionic-security; urgency=medium

  * SECURITY UPDATE: Multiple security issues
    - debian/patches/sec-may2021-*.patch: backport patches from upstream to
      correct issues.
    - CVE-2020-28007, CVE-2020-28008, CVE-2020-28009, CVE-2020-28010,
      CVE-2020-28011, CVE-2020-28012, CVE-2020-28013, CVE-2020-28014,
      CVE-2020-28015, CVE-2020-28016, CVE-2020-28017, CVE-2020-28018,
      CVE-2020-28019, CVE-2020-28020, CVE-2020-28021, CVE-2020-28022,
      CVE-2020-28023, CVE-2020-28024, CVE-2020-28025, CVE-2020-28026,
      CVE-2021-27216

 -- Marc Deslauriers <email address hidden> Fri, 30 Apr 2021 10:15:04 -0400

Version: 4.90.1-1ubuntu1.5 2020-05-19 15:07:30 UTC

  exim4 (4.90.1-1ubuntu1.5) bionic-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2020-12783-*.patch: fix SPA
      authenticator, checking client-supplied data before using it
      in src/auths/spa.c, src/auths/spa-spa.c.
    - CVE-2020-12783

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 14 May 2020 10:10:01 -0300

CVE-2020-12783 Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/aut

Version: 4.90.1-1ubuntu1.4 2019-09-06 14:08:17 UTC

  exim4 (4.90.1-1ubuntu1.4) bionic-security; urgency=medium

  * SECURITY UPDATE: remote command execution
    - debian/patches/CVE-2019-15846.patch: ensure not to interpret '\\'
      before '\0' in src/string.c
    - CVE-2019-15846

 -- Alex Murray <email address hidden> Wed, 04 Sep 2019 21:14:01 +0930

CVE-2019-15846 local or remote attacker can execute programs with root privileges


