Debian Security Advisory
DSA-4517-1 exim4 -- security update
- Date Reported:
- 06 Sep 2019
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2019-15846.
- More information:
"Zerons" and Qualys discovered that a buffer overflow triggerable in the TLS negotiation code of the Exim mail transport agent could result in the execution of arbitrary code with root privileges.
For the oldstable distribution (stretch), this problem has been fixed in version 4.89-2+deb9u6.
For the stable distribution (buster), this problem has been fixed in version 4.92-8+deb10u2.
We recommend that you upgrade your exim4 packages.
For the detailed security status of exim4 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/exim4