it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5597-1] exim4 security update

From: Salvatore Bonaccorso <carnil AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 5597-1] exim4 security update
Date: Thu, 04 Jan 2024 22:01:11 +0000
List-archive: https://lists.debian.org/msgid-search/E1rLVm3-003x0V-AR AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=XI1ZFxDCwDnzq+Ug7wkFkSxsixjbD+QqvieiSmTdHWM=; b=jf 9/fOggnbaRzjutjaupS1x8qExTtp4/pZEc1utgrK2aMhy/zwlbjhqoNNGWsvMcveIAQQtIP1xDq6R wVnF9iWsvCHMhqWI9jQILcCaaDgBvqh1Zer04WfcSvud5nUTIXkTQIKJNQJpmm0+NsQSvcb26CDpL IjI0mPSFt4ZTEW60/W+A0PLs42jO+Rv9rV7OsUbdOPJa7B6wf3/0o/wUtwx88/lT3neTCfCq6zFG1 RCYyEk1CHy68s2/y9hHAeoOiiSMf3MhfdIVPefuwQiYSl+rDxpwXFKkrZIUzkYy4T2VdWJNMS/KZ+ 7MjlAnzWTFKNPBIOYpEGQFmIJBuRnGDA==;
Old-return-path: <carnil AT seger.debian.org>
Priority: urgent
Resent-date: Thu, 4 Jan 2024 22:01:39 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <1uVAUaqHSRO.A.sQC.DryllB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5597-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
January 04, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : exim4
CVE ID : CVE-2023-51766
Debian Bug : 1059387

It was discovered that Exim, a mail transport agent, can be induced to
accept a second message embedded as part of the body of a first message
in certain configurations where PIPELINING or CHUNKING on incoming
connections is offered.

For the oldstable distribution (bullseye), this problem has been fixed
in version 4.94.2-7+deb11u2.

For the stable distribution (bookworm), this problem has been fixed in
version 4.96-15+deb12u4.

We recommend that you upgrade your exim4 packages.

For the detailed security status of exim4 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/exim4

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmWXKopfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0QjSA//XoMnLi4MFMYxltCKlh24MN3boRO7vi2ZwVwmLFsI6VKqwA84x31gqr5l
FJgcgwXNsos+4rlMiY5+mRu5aIkHABPW+CRikMZhkN6mU5L1HhSSn8AcdI01xpRe
pFnZQdu5wb/h5kkb/AdfhTLXmTT5gWGvlGaNwthCFYW8YlaFSFYOg021d9zRAEWW
uKZ4QNKCq3mM+1RG/CSRw+9n8RodZaLivvJQftNbWDlIhRiQsJWLfT6jINucCdg0
5lfjYaiTTWWGmXQUz9ffl6SkFHFx27jZlFieIesRwtudQONUERVQlTRLsiD+p5Sz
Bmol5Myay9FX2SyKOFvcOJQPeUfmHERooXnyZl6ZoFU9fVRk6KRdrmIQ3ghyfu5y
mcjzpbr+Ap4gyroDd6QkJwIn8dkVlI98dvJ7taJ6Sz5yWVISdBdUG0QJMpiQFH7v
/wKEvn846ZJUMZKQstXnAjKc7RWs/T5i3NA1uI6QkgSKdMWOx38+cjHESngkSVew
nZe3U3ouBejwucI11+M8SgOw3QosDM8wyDmyWttVmH4nLrIEVNk5jJp0lK7/agIQ
KIlx6kDPoqSaN2/5jSvDzVWCJTwXJ/bPRjWDyCP8J6janVD2l73pfxPIjKcxbImK
q6JxMQeYYxzX2XxgZliGTGoNZAkFsWy+3tZdaBMt4PlKbYtnJxI=
=onc4
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 5597-1] exim4 security update, Salvatore Bonaccorso, 04.01.2024

Archiv bereitgestellt durch MHonArc 2.6.19+.