Debian has released a security update for the exim4 package.
This release fixes a vulnerability in the exim4 package.
Date Reported: 05-June-2019
Fix Released On: N/A
Severity Level: Critical
Affected Packages: exim4
Affected Operating System & Version:
- Debian 8 (Jessie) – Not Affected
- Debian 9 (Stretch)
Details:
Qualys Research Labs reported a flaw in Exim versions 4.87 to 4.91 (inclusive). Improper validation of the recipient address in the deliver_message() function in /src/deliver.c may lead to remote command execution.
It is recommended to update the exim4 package as soon as possible.
For more details about the security issues, and other related information, refer to the CVE pages.
Debian Security Advisory References:
Security Database References (CVE): CVE-2019-10149
Solution:
- This issue has been fixed in Debian 9 (Stretch) in version 4.89-2+deb9u4.
Run the following command to install the above updates.
$ sudo apt install --only-upgrade exim4
The installed security fix can be verified in the package changelog using either of the following methods.
Using the manual method:
$ zgrep -i "CVE-2019-10149" /usr/share/doc/exim4/changelog.Debian.gz
Using the debsecan command:
$ debsecan | grep CVE-2019-10149
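A check that classifies an installed exim4 version string against the fixed version and affected range stated above, as an added example that is not part of the advisory: it ports dpkg's version ordering so it runs without dpkg (for inventory or CI use), and it assumes that only the Stretch 4.89 package line carries the backported fix named here; the function names are this example's own.

```python
import re
from itertools import zip_longest

# Constants taken from the advisory text above (example code, not part of the advisory).
FIXED_VERSION = "4.89-2+deb9u4"    # Debian 9 (Stretch) package version carrying the fix
AFFECTED_RANGE = ("4.87", "4.91")  # upstream Exim releases reported as affected, inclusive


def _order(c):
    # dpkg's character weights: '~' sorts before everything, letters by code point, other symbols after letters
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256


def _verrevcmp(a, b):
    # dpkg walks alternating non-digit runs (compared by _order, the shorter padded with 0)
    # and digit runs (compared numerically, so leading zeros do not matter)
    runs = zip_longest(re.findall(r"(\D*)(\d*)", a), re.findall(r"(\D*)(\d*)", b), fillvalue=("", ""))
    for (na, da), (nb, db) in runs:
        ka, kb = [_order(c) for c in na], [_order(c) for c in nb]
        width = max(len(ka), len(kb))
        ka, kb = ka + [0] * (width - len(ka)), kb + [0] * (width - len(kb))
        if ka != kb:
            return -1 if ka < kb else 1
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0


def _parse(version):
    # [epoch:]upstream[-revision]; the Debian revision is whatever follows the last '-'
    epoch, _, rest = version.partition(":") if ":" in version else ("0", "", version)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision


def compare_versions(a, b):
    # -1, 0 or 1, ordered like `dpkg --compare-versions`: epoch, then upstream, then revision
    (ea, ua, ra), (eb, ub, rb) = _parse(a), _parse(b)
    return (ea > eb) - (ea < eb) or _verrevcmp(ua, ub) or _verrevcmp(ra, rb)


def assess(installed):
    # 'unaffected', 'fixed' or 'vulnerable' for one installed exim4 version string
    upstream = _parse(installed)[1]
    if compare_versions(upstream, AFFECTED_RANGE[0]) < 0 or compare_versions(upstream, AFFECTED_RANGE[1]) > 0:
        return "unaffected"  # e.g. Jessie's 4.84 line, which the advisory lists as not affected
    # assumption: only Stretch's 4.89 package line carries the backported fix named in the advisory
    if upstream == _parse(FIXED_VERSION)[1] and compare_versions(installed, FIXED_VERSION) >= 0:
        return "fixed"
    return "vulnerable"
```

Feed it the output of `dpkg-query -W -f '${Version}' exim4-base` on the host being checked; a result other than "fixed" on a Stretch system means the update above has not been applied.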