Package "exim4-config"

Name: exim4-config


configuration for the Exim MTA (v4)

Latest version: 4.76-3ubuntu3.4
Release: precise (12.04)
Level: updates
Repository: main
Head package: exim4
Homepage: http://www.exim.org/


Download "exim4-config"

Other versions of "exim4-config" in Precise

Repository Area Version
base main 4.76-3ubuntu3
security main 4.76-3ubuntu3.4


Version: 4.76-3ubuntu3.4 2017-01-05 20:06:52 UTC

  exim4 (4.76-3ubuntu3.4) precise-security; urgency=medium

  * SECURITY UPDATE: DKIM information leakage
    - debian/patches/CVE-2016-9963.patch: fix information leakage in
      src/dkim.c, src/transports/smtp.c.
    - CVE-2016-9963

 -- Marc Deslauriers <email address hidden> Thu, 05 Jan 2017 08:52:13 -0500

Source diff to previous version
CVE-2016-9963 disclosure of private information

Version: 4.76-3ubuntu3.3 2016-03-15 14:07:44 UTC

  exim4 (4.76-3ubuntu3.3) precise-security; urgency=medium

  * SECURITY UPDATE: privilege escalation via crafted lookup value
    - debian/patches/CVE-2014-2972.patch: only expand integers for integer
      math once.
    - CVE-2014-2972
  * SECURITY UPDATE: privilege escalation when used with perl_startup
    - debian/patches/CVE-2016-1531.patch: add new add_environment and
      keep_environment configuration options.
    - debian/patches/CVE-2016-1531-2.patch: don't issue env warning if env
      is empty.
    - debian/patches/CVE-2016-1531-3.patch: store the initial working
      directory, expand $initial_cwd.
    - debian/patches/CVE-2016-1531-4.patch: delay chdir(/) until we opened
      the main config.
      new options. Set "keep_environment =" by default to avoid a runtime
    - Bump exim4-config Breaks to exim4-daemon-* (<< 4.76-3ubuntu3.3).
    - debian/exim4-config.NEWS: Add entry to warn of potential breakage.
    - CVE-2016-1531
  * WARNING: This update may break existing installations.

 -- Marc Deslauriers <email address hidden> Mon, 14 Mar 2016 13:18:20 -0400

Source diff to previous version
CVE-2014-2972 expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a
CVE-2016-1531 privilege escalation

Version: 4.76-3ubuntu3.2 2013-04-02 19:06:46 UTC

  exim4 (4.76-3ubuntu3.2) precise-proposed; urgency=low

  * Increase smtp_cmd_buffer_size to 16384 (upstream bug #879, fixed in 4.77).
    This allows using smtp kerberos/gssapi auth against AD/samba4 on windows.
    (LP: #1088136)
 -- Sergey Urushkin <email address hidden> Wed, 12 Dec 2012 16:05:42 -0800

Source diff to previous version
1088136 AUTH cannot handle a request with an initial-response over 2048 bytes (GSSAPI-related)

Version: 4.76-3ubuntu3.1 2012-10-26 13:06:56 UTC

  exim4 (4.76-3ubuntu3.1) precise-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via dns decode logic
    - debian/patches/CVE-2012-5671.patch: adjust max length and validate
      against it in src/pdkim/pdkim.h, src/dkim.c.
    - CVE-2012-5671
 -- Marc Deslauriers <email address hidden> Thu, 25 Oct 2012 08:26:32 -0400

CVE-2012-5671 exim4 heap overflow

About   -   Send Feedback to @ubuntu_updates