it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5728-1] exim4 security update

From: Salvatore Bonaccorso <carnil AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 5728-1] exim4 security update
Date: Wed, 10 Jul 2024 20:28:59 +0000
List-archive: https://lists.debian.org/msgid-search/E1sRdvv-00HZWL-Dk AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=B5Ty14GZHsGlyTkKI/TZRBop5bNSl6BWvIlYyYggs3s=; b=AS 5pgE0kwsc+RO0W/2K+0QyPYLd0zuHhm4M6KlXjVCMwajtDtpMlCYEKWiDol6cCsjTmfV1SHP01p6l 8RRLF4iKWdlp5X/Jj1LFcRwUkvCkGJMzW1Up7yzHh2RYSU1c9ULGfrdT5i9FwmXeeHEEDP5nSKzRB A2fw0d+sRTCDbSarsjJgc5UB+LiV8wpd3X5fIFJGui8RbnM3wn1ggHFoNQxj0BQahc53Sxfr1GKCk 24k0HWNR0x1qyTxeWLbV9d3d4Hrw4p9WByKG9UE+Nlo2hCaIQtuvLgMjk/1qUCA0uXm2NaXxi7G7d MvK6i+CVuSUUTyS2nyk1bjxVyMrduPsQ==;
Old-return-path: <carnil AT seger.debian.org>
Priority: urgent
Resent-date: Wed, 10 Jul 2024 20:29:45 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <Xbt6Q-mRJbN.A.5nIH.58ujmB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5728-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 10, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : exim4
CVE ID : CVE-2024-39929
Debian Bug : 1075785

Phillip Szelat discovered that Exim, a mail transport agent, does not
properly parse a multiline RFC 2231 header filename, allowing a remote
attacker to bypass a $mime_filename based extension-blocking protection
mechanism.

For the oldstable distribution (bullseye), this problem has been fixed
in version 4.94.2-7+deb11u3.

For the stable distribution (bookworm), this problem has been fixed in
version 4.96-15+deb12u5.

We recommend that you upgrade your exim4 packages.

For the detailed security status of exim4 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/exim4

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmaO7kFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0SQbQ//Xf0lnD7yltYNVPwznIlXWJYasQQUgq7B5s9p9djogOnGK1W8fHS4m5g7
7nk4P7mI6YeYp2LZ3uOll4WhqRDes7UtCIKYq18vs8PqljoWusvg1Ay8UPp8q8lZ
ria6PTz3I0baMIzLtEilNNC2NYHwuS04wfs/7g6Rih/bzTRCJcUKa8tUtXVv7/7/
WCnWDOcSIuNFBX7aOeO+PNlSCo/Cc2ku/6e4HOsGR1Y6P2moWYhSZ+xOuP/lphxP
IxMzzRjIZ7f9yUtoiajpTcZ2w6pCSGYs9WVsFyeajXiI5ZQjSF5iMs6W/9/ZcF8o
Lf6ZPZxOt/hp1zfTL1UwQCacjMV6ZrGzjL1kXVwkFywc9xlEu6zgGApEi9pIAL9k
yOT7RaU4UCJg5DMotNwlQaVop8X8NbKEFA1MBlDnVK/1I0zyPb3cOQjOT13kj0hr
+RX9o7icU6X0G1BW2rMLrAFZZsTkRPkp6wH66zoXywfgNdk9u06sL4GrXUNAtU1j
LvttKCiArpYQ1R3bEcq0SZPCiPXOQglwXRP0+lOnyvbnm7H+gq8qdhyp8AqELxcn
7W1PuvGD02p16cyYZLRX7QwooJQ2xu6ZF8pgWOUts4H5nacXLg6YR/eK53SGgGHT
9BNJzodKqmh72z1fdzpOeo7WhjQk29+/NEUipZ6aqQi/4wGpuTU=
=gyDE
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 5728-1] exim4 security update, Salvatore Bonaccorso, 10.07.2024

Archiv bereitgestellt durch MHonArc 2.6.19+.