UbuntuUpdates.org

Package "exim4"

Name: exim4

Description:

metapackage to ease Exim MTA (v4) installation

Latest version: 4.86.2-2ubuntu2.5
Release: xenial (16.04)
Level: updates
Repository: main
Homepage: http://www.exim.org/

Links

Save this URL for the latest version of "exim4": https://www.ubuntuupdates.org/exim4


Download "exim4"


Other versions of "exim4" in Xenial

Repository Area Version
base main 4.86.2-2ubuntu2
security main 4.86.2-2ubuntu2.5

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 4.86.2-2ubuntu2.5 2019-09-06 14:08:09 UTC

  exim4 (4.86.2-2ubuntu2.5) xenial-security; urgency=medium

  * SECURITY UPDATE: remote command execution
    - debian/patches/CVE-2019-15846.patch: ensure not to interpret '\\'
      before '\0' in src/string.c
    - CVE-2019-15846

 -- Alex Murray <email address hidden> Thu, 05 Sep 2019 11:19:50 +0930

Source diff to previous version
CVE-2019-15846 local or remote attacker can execute programs with root privileges

Version: 4.86.2-2ubuntu2.4 2019-07-25 17:07:27 UTC

  exim4 (4.86.2-2ubuntu2.4) xenial-security; urgency=medium

  * SECURITY UPDATE: code execution via ${sort }
    - debian/patches/CVE-2019-13917.patch: avoid re-expansion in ${sort }
      in src/expand.c.
    - CVE-2019-13917

 -- Marc Deslauriers <email address hidden> Fri, 19 Jul 2019 07:21:10 -0400

Source diff to previous version

Version: 4.86.2-2ubuntu2.3 2018-02-12 20:07:10 UTC

  exim4 (4.86.2-2ubuntu2.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow in base64d()
    - debian/patches/CVE-2018-6789.patch: fix overflow in
      src/auths/b64decode.c.
    - CVE-2018-6789

 -- Marc Deslauriers <email address hidden> Sat, 10 Feb 2018 14:18:40 -0500

Source diff to previous version
CVE-2018-6789 An issue was discovered in the SMTP listener in Exim 4.90 and earlier. By sending a handcrafted message, a buffer overflow may happen in a specific f

Version: 4.86.2-2ubuntu2.2 2017-06-19 18:06:41 UTC

  exim4 (4.86.2-2ubuntu2.2) xenial-security; urgency=medium

  * SECURITY UPDATE: memory leak
    - debian/patches/93_CVE-2017-1000368.patch: free -p argument if
      allocation was required.
    - CVE-2017-1000368

 -- Steve Beattie <email address hidden> Fri, 02 Jun 2017 22:07:28 -0700

Source diff to previous version
CVE-2017-1000 RESERVED

Version: 4.86.2-2ubuntu2.1 2017-01-05 20:06:57 UTC

  exim4 (4.86.2-2ubuntu2.1) xenial-security; urgency=medium

  * SECURITY UPDATE: DKIM information leakage
    - debian/patches/CVE-2016-9963.patch: fix information leakage in
      src/dkim.c, src/transports/smtp.c.
    - CVE-2016-9963

 -- Marc Deslauriers <email address hidden> Thu, 05 Jan 2017 08:29:10 -0500

CVE-2016-9963 disclosure of private information



About   -   Send Feedback to @ubuntu_updates