Debian 10228 Published by

An exim4 security update has been released for Debian GNU/Linux 8 and 9 Extended LTS to address a flaw that allows response injection (buffering).



ELA-868-1 exim4 security update

Package : exim4
Version : 4.84.2-2+deb8u10 (jessie), 4.89-2+deb9u10 (stretch)

Related CVEs :
CVE-2021-38371

A flaw was found in Exim, a Mail Transport Agent (MTA). The STARTTLS feature in
Exim allows response injection (buffering) during MTA SMTP sending. The program
will fail with an appropriate error message if such a behavior is detected now.

ELA-868-1 exim4 security update