Lucene search

K
debianDebianDEBIAN:DLA-3599-1:38A51
HistoryOct 02, 2023 - 4:20 p.m.

[SECURITY] [DLA 3599-1] exim4 security update

2023-10-0216:20:12
lists.debian.org
6
ntlm
exim4
system updates
cve-2023-42114
debian
mail transport agent
remote code execution
debian lts
spa
cve-2023-42116
security update
security advisories

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.9

Confidence

Low

EPSS

0.001

Percentile

28.8%


Debian LTS Advisory DLA-3599-1 [email protected]
https://www.debian.org/lts/security/ Markus Koschany
October 02, 2023 https://wiki.debian.org/LTS

Package : exim4
Version : 4.92-8+deb10u8
CVE ID : CVE-2023-42114 CVE-2023-42116

Several vulnerabilities were discovered in Exim, a mail transport agent,
which could result in remote code execution if the SPA/NTLM authenticators
are used.

For Debian 10 buster, these problems have been fixed in version
4.92-8+deb10u8.

We recommend that you upgrade your exim4 packages.

For the detailed security status of exim4 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/exim4

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: This is a digitally signed message part

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.9

Confidence

Low

EPSS

0.001

Percentile

28.8%