[SECURITY] [DLA 2650-1] exim4 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2650-1] exim4 security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Wed, 5 May 2021 10:38:28 +0000 (UTC)
Message-id: <[🔎] alpine.DEB.2.21.2105051036270.15506@postfach.intern.alteholz.me>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2650-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
May 05, 2021                                  https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : exim4
Version        : 4.89-2+deb9u8
CVE ID         : CVE-2020-28007 CVE-2020-28008 CVE-2020-28009
                 CVE-2020-28011 CVE-2020-28012 CVE-2020-28013
                 CVE-2020-28014 CVE-2020-28015 CVE-2020-28017
                 CVE-2020-28019 CVE-2020-28020 CVE-2020-28021
                 CVE-2020-28022 CVE-2020-28023 CVE-2020-28024
                 CVE-2020-28025 CVE-2020-28026

The Qualys Research Labs reported several vulnerabilities in Exim, a mailtransport agent, which could result in local privilege escalation andremote code execution.

Details can be found in the Qualys advisory athttps://www.qualys.com/2021/05/04/21nails/21nails.txt



For Debian 9 stretch, these problems have been fixed in version
4.89-2+deb9u8.

We recommend that you upgrade your exim4 packages.

For the detailed security status of exim4 please refer to its securitytracker page at: https://security-tracker.debian.org/tracker/exim4


Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmCSdaRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdbjxAAs2u8DRFpTKQRB/RnUbobesrZUchr2FH96gJNUWLqQBvFdRs2fa5ub5MS
G+fQxtTRvFdAADwtl5792m3TVsjcQW6P3uqa1CWgqqP3NMPhHPaOMy3pdSnKOA08
k17M//FQIhwpPlr1kK6MEn29vVpHH/1zR6EHfA1pJgYRTCRjLEuRc+fsTE7d0NjG
I3wbMbv/tGlDo80Od5B22wfqP8i8M33ZX8lQAoQc+GyCuU+R5rRtGAhH/+JkMt+b
iVvFo5L+V0TJBPkInPLCgnoOJJLnU9+o2hzbcJ6Lag0BcP67oIAqr91MVL7/p6MK
YS7FDXN2d4jZzzRIRXaFvtyFb9ajbgoA5ozyti2+grbgHA+cX4x/awaAxJzoV4qY
En75wx+0/Qbzzkk4zApsYOgmrBgUHa9y4plDT6JEOxM1gPPjVftxTO7ARGYNMQJl
L2Udje2TkE9rxQQmm5jnAqIoX/uMrun0fOOwiY/zXL9PfcVZBShwQNo2Q7BKXQSA
46srW9a9WZu8CqIdofMQZXyzP2qmPeDuk2gwWnRPxwmnzmgFGLK2XMHzHUa3Fs+S
kNWuk02X+UIL0owOr8dPlcZquH99QPUa1lwuVYz9AVl9+q30q6sspIyHWYI/GDtU
o9OW1hyXjlgyNjBaJW8MsQvT7ggbtgy+ptyGaEI9LVVqzX39CQI=
=audv
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2648-1] mediawiki security update
Next by Date: [SECURITY] [DLA 2651-1] python-django security update
Previous by thread: [SECURITY] [DLA 2648-1] mediawiki security update
Next by thread: [SECURITY] [DLA 2651-1] python-django security update
Index(es):
- Date
- Thread