------------------------------------------------------------------------- Debian LTS Advisory DLA-3938-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Markus Koschany October 29, 2024 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : exim4 Version : 4.94.2-7+deb11u4 CVE ID : CVE-2021-38371 CVE-2022-3559 CVE-2023-42117 CVE-2023-42119 Debian Bug : 992172 Multiple potential security vulnerabilities have been addressed in exim4, a mail transport agent. These issues may allow remote attackers to disclose sensitive information or execute arbitrary code but only if Exim4 is run behind or with untrusted proxy servers or DNS resolvers. If your proxy-protocol proxy or DNS resolver are trustworthy, you are not affected. For Debian 11 bullseye, these problems have been fixed in version 4.94.2-7+deb11u4. We recommend that you upgrade your exim4 packages. For the detailed security status of exim4 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/exim4 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: This is a digitally signed message part