ELA-692-1 exim4 security update

heap-based buffer overflow

2022-10-01
Package: exim4
Version: 4.84.2-2+deb8u9 (jessie), 4.89-2+deb9u9 (stretch)
Related CVEs: CVE-2022-37452


It was discovered that in Exim, a mail transport agent, handling an e-mail can cause a heap-based buffer overflow in some situations. An attacker can cause a denial-of-service (DoS) and possibly execute arbitrary code.



For Debian 8 jessie, these problems have been fixed in version 4.84.2-2+deb8u9.

For Debian 9 stretch, these problems have been fixed in version 4.89-2+deb9u9.

We recommend that you upgrade your exim4 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.