[SECURITY] [DLA 762-1] exim4 security update

2016-12-2510:59:29

lists.debian.org

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

73.2%

JSON

Package : exim4
Version : 4.80-7+deb7u4
CVE ID : CVE-2016-9963

Bjoern Jacke discovered that Exim, Debian's default mail transfer agent,
may leak the private DKIM signing key to the log files if specific
configuration options are met.

For Debian 7 "Wheezy", these problems have been fixed in version
4.80-7+deb7u4.

We recommend that you upgrade your exim4 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature

OSVersionArchitecturePackageVersionFilename
Debian8ppc64elexim4-daemon-light< 4.84.2-2+deb8u2exim4-daemon-light_4.84.2-2+deb8u2_ppc64el.deb
Debian8s390xexim4-base< 4.84.2-2+deb8u2exim4-base_4.84.2-2+deb8u2_s390x.deb
Debian8kfreebsd-amd64exim4-daemon-light< 4.84.2-2+deb8u2exim4-daemon-light_4.84.2-2+deb8u2_kfreebsd-amd64.deb
Debian8i386exim4-dbg< 4.84.2-2+deb8u2exim4-dbg_4.84.2-2+deb8u2_i386.deb
Debian7armhfexim4-daemon-light< 4.80-7+deb7u4exim4-daemon-light_4.80-7+deb7u4_armhf.deb
Debian8ppc64elexim4-dev< 4.84.2-2+deb8u2exim4-dev_4.84.2-2+deb8u2_ppc64el.deb
Debian8powerpceximon4< 4.84.2-2+deb8u2eximon4_4.84.2-2+deb8u2_powerpc.deb
Debian8ppc64elexim4-daemon-heavy-dbg< 4.84.2-2+deb8u2exim4-daemon-heavy-dbg_4.84.2-2+deb8u2_ppc64el.deb
Debian8kfreebsd-i386exim4-daemon-heavy< 4.84.2-2+deb8u2exim4-daemon-heavy_4.84.2-2+deb8u2_kfreebsd-i386.deb
Debian8kfreebsd-amd64exim4-daemon-heavy< 4.84.2-2+deb8u2exim4-daemon-heavy_4.84.2-2+deb8u2_kfreebsd-amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	ppc64el	exim4-daemon-light	< 4.84.2-2+deb8u2	exim4-daemon-light_4.84.2-2+deb8u2_ppc64el.deb
Debian	8	s390x	exim4-base	< 4.84.2-2+deb8u2	exim4-base_4.84.2-2+deb8u2_s390x.deb
Debian	8	kfreebsd-amd64	exim4-daemon-light	< 4.84.2-2+deb8u2	exim4-daemon-light_4.84.2-2+deb8u2_kfreebsd-amd64.deb
Debian	8	i386	exim4-dbg	< 4.84.2-2+deb8u2	exim4-dbg_4.84.2-2+deb8u2_i386.deb
Debian	7	armhf	exim4-daemon-light	< 4.80-7+deb7u4	exim4-daemon-light_4.80-7+deb7u4_armhf.deb
Debian	8	ppc64el	exim4-dev	< 4.84.2-2+deb8u2	exim4-dev_4.84.2-2+deb8u2_ppc64el.deb
Debian	8	powerpc	eximon4	< 4.84.2-2+deb8u2	eximon4_4.84.2-2+deb8u2_powerpc.deb
Debian	8	ppc64el	exim4-daemon-heavy-dbg	< 4.84.2-2+deb8u2	exim4-daemon-heavy-dbg_4.84.2-2+deb8u2_ppc64el.deb
Debian	8	kfreebsd-i386	exim4-daemon-heavy	< 4.84.2-2+deb8u2	exim4-daemon-heavy_4.84.2-2+deb8u2_kfreebsd-i386.deb
Debian	8	kfreebsd-amd64	exim4-daemon-heavy	< 4.84.2-2+deb8u2	exim4-daemon-heavy_4.84.2-2+deb8u2_kfreebsd-amd64.deb