ELA-1246-1 exim4 security update

multiple vulnerabilities

2024-11-27
Package: exim4
Version: 4.84.2-2+deb8u13 (jessie), 4.89-2+deb9u14 (stretch), 4.92-8+deb10u11 (buster)
Related CVEs: CVE-2023-42117, CVE-2023-42119


Multiple potential security vulnerabilities have been addressed in exim4, a mail transport agent. These issues may allow remote attackers to disclose sensitive information or execute arbitrary code, but only if Exim4 is run behind or with untrusted proxy servers or DNS resolvers. If your proxy-protocol proxy and DNS resolver are trustworthy, you are not affected.

In addition, CVE-2021-38371 and CVE-2022-3559 have been addressed for Debian 10 “Buster”, and CVE-2022-3559 for Debian 9 “Stretch”.



For Debian 10 buster, these problems have been fixed in version 4.92-8+deb10u11.

For Debian 8 jessie, these problems have been fixed in version 4.84.2-2+deb8u13.

For Debian 9 stretch, these problems have been fixed in version 4.89-2+deb9u14.

We recommend that you upgrade your exim4 packages.
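To audit hosts against the fixed versions listed above, the following added example (not part of the advisory) compares an installed exim4 package version string with the fix for its release using Debian's version ordering rules. The function names are hypothetical, and the release is assumed to be given by codename.

```python
import re

# Fixed versions per release, copied from the advisory.
FIXED = {
    "jessie": "4.84.2-2+deb8u13",
    "stretch": "4.89-2+deb9u14",
    "buster": "4.92-8+deb10u11",
}

def _order(s, k):
    # dpkg ordering: end/digit = 0, '~' sorts first, letters before symbols.
    if k >= len(s) or s[k] in "0123456789":
        return 0
    if s[k] == "~":
        return -1
    return ord(s[k]) if s[k].isalpha() else ord(s[k]) + 256

def _cmp_part(a, b):
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: compare character by character.
        while _order(a, i) or _order(b, j):
            if _order(a, i) != _order(b, j):
                return _order(a, i) - _order(b, j)
            i, j = i + 1, j + 1
        # Digit run: compare numerically, so "u9" sorts before "u11".
        da = re.match(r"[0-9]*", a[i:]).group()
        db = re.match(r"[0-9]*", b[j:]).group()
        if int(da or 0) != int(db or 0):
            return int(da or 0) - int(db or 0)
        i, j = i + len(da), j + len(db)
    return 0

def compare(a, b):
    # <0, 0 or >0 as Debian version a is older than, equal to or newer than b.
    parts = []
    for v in (a, b):
        epoch, sep, rest = v.partition(":")
        if not sep:
            epoch, rest = "0", v
        upstream, sep, rev = rest.rpartition("-")
        if not sep:
            upstream, rev = rest, ""
        parts.append((int(epoch), upstream, rev))
    (ea, ua, ra), (eb, ub, rb) = parts
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_fixed(release, installed):
    return compare(installed, FIXED[release]) >= 0
```

A plain string comparison would rank `deb10u9` above `deb10u11`; the numeric handling of digit runs is what makes the check reliable.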

Further information about Extended LTS security advisories can be found in the dedicated section of our website.