| Errata ID | 293 |
|---|---|
| Date | 2018-02-14 |
| Source package | exim4 |
| Fixed in version | 4.84.2-2+deb8u5A~4.2.3.201802121402 |
| Description | This update addresses the following issues: * Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. (CVE-2017-1000369) * An issue was discovered in the SMTP listener in Exim 4.90 and earlier. By sending a handcrafted message, a buffer overflow may happen in a specific function. This can be used to execute code remotely. (CVE-2018-6789) |
| Additional notes | |
| CVE ID | CVE-2017-1000369 CVE-2018-6789 |
| UCS Bug number | #44861 |
