UbuntuUpdates.org

Package "exim4-daemon-light"

Name: exim4-daemon-light

Description:

lightweight Exim MTA (v4) daemon

Latest version: 4.93-13ubuntu1.10
Release: focal (20.04)
Level: security
Repository: main
Head package: exim4
Homepage: https://www.exim.org/

Links


Download "exim4-daemon-light"


Other versions of "exim4-daemon-light" in Focal

Repository Area Version
base main 4.93-13ubuntu1
updates main 4.93-13ubuntu1.10

Changelog

Version: 4.93-13ubuntu1.10 2024-01-29 12:10:21 UTC

  exim4 (4.93-13ubuntu1.10) focal-security; urgency=medium

  * SECURITY UPDATE: SMTP smuggling
    - debian/patches/CVE-2023-51766-1.patch: Reject "dot, LF" as
      ending data phase in src/receive.c, src/smtp_in.c.
    - debian/patches/CVE-2023-51766-2.patch: use enum for body data
      input state-machine in src/receive.c.
    - debian/patches/CVE-2023-51766-3.patch: fix in src/receive.c.
    - CVE-2023-51766

 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 11 Jan 2024 10:28:33 -0300

Source diff to previous version
CVE-2023-51766 Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique t

Version: 4.93-13ubuntu1.9 2023-10-27 00:07:27 UTC

  exim4 (4.93-13ubuntu1.9) focal-security; urgency=medium

  * SECURITY UPDATE: remote code execution
    - debian/patches/CVE-2023-42117.patch: fixed string_is_ip_address()
      in string.c
    - CVE-2023-42117
  * SECURITY UPDATE: information disclosure
    - debian/patches/CVE-2023-42119.patch: hardened dnsdb.c against
      crafted DNS responses.
    - CVE-2023-42119

 -- Allen Huang <email address hidden> Wed, 25 Oct 2023 01:39:47 +0100

Source diff to previous version
CVE-2023-42117 Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability
CVE-2023-42119 Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability

Version: 4.93-13ubuntu1.8 2023-10-04 15:11:47 UTC

  exim4 (4.93-13ubuntu1.8) focal-security; urgency=medium

  * SECURITY UPDATE: information disclosure
    - debian/patches/CVE-2023-42114.patch: fix possible OOB read in
      SPA authenticator
    - CVE-2023-42114
  * SECURITY UPDATE: remote code execution
    - debian/patches/CVE-2023-42115.patch: fix possible OOB write in
      external authenticator
    - CVE-2023-42115
  * SECURITY UPDATE: remote code execution
    - debian/patches/CVE-2023-42116.patch: fix possible OOB write in
      SPA authenticator
    - CVE-2023-42116
  * debian/patches/CVE-2023-42114_15_16.patch:
    - use uschar more in spa authenticator

 -- Allen Huang <email address hidden> Mon, 02 Oct 2023 17:21:29 +0100

Source diff to previous version
CVE-2023-42114 Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2023-42115 Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2023-42116 Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability

Version: 4.93-13ubuntu1.7 2022-11-24 15:06:29 UTC

  exim4 (4.93-13ubuntu1.7) focal-security; urgency=medium

  * SECURITY UPDATE: use after free in regex handler
    - debian/patches/CVE-2022-3559-1.patch: properly clear references in
      src/exim.c, src/expand.c, src/functions.h, src/globals.c,
      src/regex.c, src/smtp_in.c.
    - debian/patches/CVE-2022-3559-2.patch: fix non-WITH_CONTENT_SCAN build
      in src/exim.c, src/regex.c.
    - debian/patches/CVE-2022-3559-3.patch: fix non-WITH_CONTENT_SCAN build
      in src/exim.c, src/functions.h, src/globals.h, src/regex.c,
      src/smtp_in.c.
    - debian/patches/CVE-2022-3559-4.patch: fix non-WITH_CONTENT_SCAN build
      in src/expand.c.
    - CVE-2022-3559

 -- Marc Deslauriers <email address hidden> Wed, 23 Nov 2022 10:54:36 -0500

Source diff to previous version
CVE-2022-3559 A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manip

Version: 4.93-13ubuntu1.6 2022-08-22 12:07:13 UTC

  exim4 (4.93-13ubuntu1.6) focal-security; urgency=medium

  * SECURITY UPDATE: Heap-based buffer overflow
    - debian/patches/CVE-2022-37452.patch: Fix host_name_lookup
      in src/host.c.
    - CVE-2022-37452

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 17 Aug 2022 08:04:06 -0300

CVE-2022-37452 Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.



About   -   Send Feedback to @ubuntu_updates