Debian 10264 Published by

An exim4 security update has been released for Debian GNU/Linux 8 and 9 Extended LTS to address a heap-based buffer overflow issue.



ELA-692-1 exim4 security update

Package exim4
Version 4.84.2-2+deb8u9 (jessie), 4.89-2+deb9u9 (stretch)
Related CVEs CVE-2022-37452

It was discovered that in Exim, a mail transport agent, handling an e-mail can cause a heap-based buffer overflow in some situations. An attacker can cause a denial-of-service (DoS) and possibly execute arbitrary code.

For Debian 8 jessie, these problems have been fixed in version 4.84.2-2+deb8u9.

For Debian 9 stretch, these problems have been fixed in version 4.89-2+deb9u9.

We recommend that you upgrade your exim4 packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-692-1 exim4 security update