
An exim4 security update has been released for Debian GNU/Linux 8 and 9 Extended LTS to address a heap-based buffer overflow issue.



ELA-692-1 exim4 security update

Package: exim4
Version: 4.84.2-2+deb8u9 (jessie), 4.89-2+deb9u9 (stretch)
Related CVEs: CVE-2022-37452

It was discovered that in Exim, a mail transport agent, handling an e-mail can cause a heap-based buffer overflow in some situations. An attacker can cause a denial-of-service (DoS) and possibly execute arbitrary code.

For Debian 8 jessie, these problems have been fixed in version 4.84.2-2+deb8u9.

For Debian 9 stretch, these problems have been fixed in version 4.89-2+deb9u9.

We recommend that you upgrade your exim4 packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
