UbuntuUpdates.org

Package "exim4-daemon-light"

Name: exim4-daemon-light

Description:

lightweight Exim MTA (v4) daemon

Latest version: 4.86.2-2ubuntu2.6
Release: xenial (16.04)
Level: security
Repository: main
Head package: exim4
Homepage: http://www.exim.org/

Links


Download "exim4-daemon-light"


Other versions of "exim4-daemon-light" in Xenial

Repository Area Version
base main 4.86.2-2ubuntu2
updates main 4.86.2-2ubuntu2.6

Changelog

Version: 4.86.2-2ubuntu2.6 2020-05-19 14:06:27 UTC

  exim4 (4.86.2-2ubuntu2.6) xenial-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2020-12783-*.patch: fix SPA
      authenticator, checking client-supplied data before using it
      in src/auths/spa.c, src/auths/spa-spa.c.
    - CVE-2020-12783

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 14 May 2020 09:54:21 -0300

Source diff to previous version
CVE-2020-12783 Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/aut

Version: 4.86.2-2ubuntu2.5 2019-09-06 14:08:06 UTC

  exim4 (4.86.2-2ubuntu2.5) xenial-security; urgency=medium

  * SECURITY UPDATE: remote command execution
    - debian/patches/CVE-2019-15846.patch: ensure not to interpret '\\'
      before '\0' in src/string.c
    - CVE-2019-15846

 -- Alex Murray <email address hidden> Thu, 05 Sep 2019 11:19:50 +0930

Source diff to previous version
CVE-2019-15846 local or remote attacker can execute programs with root privileges

Version: 4.86.2-2ubuntu2.4 2019-07-25 17:07:24 UTC

  exim4 (4.86.2-2ubuntu2.4) xenial-security; urgency=medium

  * SECURITY UPDATE: code execution via ${sort }
    - debian/patches/CVE-2019-13917.patch: avoid re-expansion in ${sort }
      in src/expand.c.
    - CVE-2019-13917

 -- Marc Deslauriers <email address hidden> Fri, 19 Jul 2019 07:21:10 -0400

Source diff to previous version

Version: 4.86.2-2ubuntu2.3 2018-02-12 17:06:26 UTC

  exim4 (4.86.2-2ubuntu2.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow in base64d()
    - debian/patches/CVE-2018-6789.patch: fix overflow in
      src/auths/b64decode.c.
    - CVE-2018-6789

 -- Marc Deslauriers <email address hidden> Sat, 10 Feb 2018 14:18:40 -0500

Source diff to previous version
CVE-2018-6789 An issue was discovered in the SMTP listener in Exim 4.90 and earlier. By sending a handcrafted message, a buffer overflow may happen in a specific f

Version: 4.86.2-2ubuntu2.2 2017-06-19 16:06:26 UTC

  exim4 (4.86.2-2ubuntu2.2) xenial-security; urgency=medium

  * SECURITY UPDATE: memory leak
    - debian/patches/93_CVE-2017-1000368.patch: free -p argument if
      allocation was required.
    - CVE-2017-1000368

 -- Steve Beattie <email address hidden> Fri, 02 Jun 2017 22:07:28 -0700

CVE-2017-1000 RESERVED



About   -   Send Feedback to @ubuntu_updates