An exim4 security update has been released for Debian GNU/Linux 8 Extended LTS to address several vulnerabilities, which could result in local privilege escalation and remote code execution.

ELA-420-1 exim4 security update

Package exim4
Version 4.84.2-2+deb8u8
Related CVEs CVE-2020-28007 CVE-2020-28008 CVE-2020-28009 CVE-2020-28011 CVE-2020-28012 CVE-2020-28013 CVE-2020-28014 CVE-2020-28015 CVE-2020-28017 CVE-2020-28020 CVE-2020-28022 CVE-2020-28024 CVE-2020-28025
The Qualys Research Labs reported several vulnerabilities in Exim, a mail transport agent, which could result in local privilege escalation and remote code execution.

Details can be found in the Qualys advisory at https://www.qualys.com/2021/05/04/21nails/21nails.txt

For Debian 8 jessie, these problems have been fixed in version 4.84.2-2+deb8u8.

We recommend that you upgrade your exim4 packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-420-1 exim4 security update