[SECURITY] [DSA 5887-1] exim4 security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5887-1] exim4 security update
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 26 Mar 2025 14:41:00 +0000
Message-id: <[🔎] E1txRwC-009FKZ-Iz@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5887-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
March 26, 2025                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : exim4
CVE ID         : CVE-2025-30232

It was discovered that a use-after-free vulnerability in Exim4, a mail
transport agent, may result in privilege escalation for a local
attacker.

For the stable distribution (bookworm), this problem has been fixed in
version 4.96-15+deb12u7.

We recommend that you upgrade your exim4 packages.

For the detailed security status of exim4 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/exim4

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmfkETFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0TD6xAAmsPks6VJ8GfLXlxlFtkOLhK9C2Qze1r/wnTJNfB1GQoPqIBG8h+zgXz/
JPTBYLRHVesZCjGY4N2+rGKycXzljeBSdumcNKcjOu3yKaelnuuBD1vaXB2NR+yQ
XXSGn9g/bX0//Rt5PC4U2nbw5p4UkkQ9Pda+EOFt5jjr/2cFu8RMpddfRHrL+DYe
bWdW3EarBQjAKmi74k+euBF7Cgof16XowSuyf8oTXq8TKW72r1YBC3JAF+eDu/Wt
nU4hyEDJm8D1mLORtemI6FVsy4tpWh9dwBCARZuSqy6IHOulyJK/ip2IPF/jDT1x
ENweGdFT+/4uwkhuIU3091+01WYmrCFEuc/Mio/64bLQ0VOwWrv8EKKFxLZMg+xt
E050pW+6PIy8oiUtnmtTmaLmev5pQg7gFf6eS9K9OFbNAP5LW4vGOVnEwsC7QbYF
WKKuRIuX6KvyVqOs/qIdqHT8ermJ9KJHxRXX7UZ3CArmqvRvP5Cx8BjesV5UwnEp
fUqRoIvOXuFN6xkur7td+p0UXJJIlwRl5ArVLoKcJTErOpntY+8HpdOoS0rrVHah
RJU9glohR8SGGI+Np988ReatQnRRrQkiuXUjzmaqjqkCmOtvWiU/0jKPR0E/WGU5
6Y8/3BmPsvKwLQZWis1skWLNtbNL7q3KDFiYC6VnR4GhgPwHHpY=
=tBpE
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5886-1] ruby-rack security update
Next by Date: [SECURITY] [DSA 5888-1] ghostscript security update
Previous by thread: [SECURITY] [DSA 5886-1] ruby-rack security update
Next by thread: [SECURITY] [DSA 5888-1] ghostscript security update
Index(es):
- Date
- Thread