ELA-1144-1 exim4 security update

wrong parsing of multiline RFC 2231 header filenames

2024-07-31
Package: exim4
Version: 4.89-2+deb9u13 (stretch), 4.92-8+deb10u10 (buster)
Related CVEs: CVE-2024-39929


An issue has been found in exim4, the Mail Transport Agent. Due to bad parsing of multiline RFC 2231 header filenames in the MIME ACL, a remote attacker could bypass this protection mechanism and potentially deliver executable attachments to mailboxes.



For Debian 10 buster, these problems have been fixed in version 4.92-8+deb10u10.

For Debian 9 stretch, these problems have been fixed in version 4.89-2+deb9u13.

We recommend that you upgrade your exim4 packages.
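A post-upgrade audit for the issue described above, added here as an example and not taken from this advisory or from exim: it uses Python's standard email package to reassemble RFC 2231 continuation parameters and reports stored messages whose complete attachment name ends in a blocked extension. The blocklist, the function name and both sample messages are assumptions constructed for the example.

```python
import email
import os
import re

# Assumption: example blocklist; substitute the extensions your site rejects.
BLOCKED_EXT = {".exe", ".scr", ".bat", ".com", ".js", ".vbs"}
# RFC 2231 continuation parameters, e.g. filename*0= or name*1*=
CONTINUATION = re.compile(r"\b(?:file)?name\*\d+\*?=", re.IGNORECASE)

_HEAD = (b"From: sender@example.org\r\nTo: rcpt@example.org\r\n"
         b"Subject: constructed sample\r\nMIME-Version: 1.0\r\n"
         b"Content-Type: application/octet-stream\r\n"
         b"Content-Disposition: attachment;\r\n")
_BODY = b"\r\n\r\nplaceholder body\r\n"
# Constructed samples: the filename is split over two continuation lines.
SAMPLE_SPLIT = (_HEAD + b' filename*0="quarterly-report-";\r\n'
                b' filename*1="final.exe"' + _BODY)
SAMPLE_BENIGN = (_HEAD + b' filename*0="meeting-";\r\n'
                 b' filename*1="notes.pdf"' + _BODY)


def audit_message(raw: bytes) -> list[dict]:
    """Return one finding per MIME part whose reassembled name is blocked."""
    msg = email.message_from_bytes(raw)
    findings = []
    for part in msg.walk():
        # get_filename() joins filename*0, filename*1, ... in numeric order,
        # decodes charset-encoded segments, and falls back to Content-Type name=.
        name = part.get_filename()
        if not name:
            continue
        ext = os.path.splitext(name.strip())[1].lower()
        if ext not in BLOCKED_EXT:
            continue
        raw_hdrs = " ".join(str(part.get(h, ""))
                            for h in ("Content-Disposition", "Content-Type"))
        findings.append({
            "filename": name,
            "extension": ext,
            # True when the name arrived as a multiline RFC 2231 parameter,
            # the header form this advisory is about.
            "multiline_rfc2231": bool(CONTINUATION.search(raw_hdrs)),
        })
    return findings


if __name__ == "__main__":
    for label, raw in (("split", SAMPLE_SPLIT), ("benign", SAMPLE_BENIGN)):
        print(label, audit_message(raw))
```

To audit real mail, pass the raw bytes of each message file (for example, every file in a Maildir) to `audit_message` and review the findings where `multiline_rfc2231` is true.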

Further information about Extended LTS security advisories can be found in the dedicated section of our website.