[BSA-135] Security Update for exim4

Andreas Metzler uploaded new packages for exim4 which fixed the following security problems: CVE-2026-48840 PROXYv2 parser: reject PROXY frames whose declared payload length is too short for the claimed address family 12 bytes for TCPv4/0x11, 36 bytes for TCPv6/0x21. Previously a frame with...

[SECURITY] [DSA 6309-1] exim4 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6309-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 29, 2026 https://www.debian.org/security/faq -...

Astra Linux - уязвимость в exim4

Exim 4 before 4.94.2 allowed execution with unnecessary privileges. The -oP option is available to the exim user, and it could lead to a denial of service, as files owned by root could be overwritten...

Astra Linux - уязвимость в exim4

Exim 4 before 4.94.2 allows exposure of file descriptors to an unintended control sphere, because rdainterpret uses a privileged pipe without the closeonexec flag...

Astra Linux - уязвимость в exim4

Exim 4 before 4.94.2 has an improper neutralization of line delimiters. An authenticated remote SMTP client can insert newline characters into a spool file which indirectly leads to remote code execution as root via the AUTH= parameter in the MAIL FROM command...

Astra Linux - уязвимость в exim4

Exim 4 before 4.94.2 allows out-of-bounds write-ups, because the main function, while having setuid root, copies the current working directory pathname into a buffer that is too small on some common platforms...

Astra Linux - уязвимость в exim4

Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory owned by a non-root user, an attacker can write to a /var/spool/exim4/input spool header file, in which a crafted recipient address can indirectly lead to command execution...