-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2020-2056b1c4a9 2020-05-31 00:39:15.117016 --------------------------------------------------------------------------------

Name : exim Product : Fedora EPEL 8 Version : 4.93 Release : 3.el8 URL : https://www.exim.org/ Summary : The exim mail transfer agent Description : Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of flexibility in the way mail can be routed, and there are extensive facilities for checking incoming mail. Exim can be installed in place of sendmail, although the configuration of exim is quite different to that of sendmail.

-------------------------------------------------------------------------------- Update Information:

This is an update fixing out-of-bounds read in the SPA authenticator. -------------------------------------------------------------------------------- ChangeLog:

* Fri May 15 2020 Jaroslav ��karvada jskarvad@redhat.com - 4.93-3 - Fixed out-of-bounds read in the SPA authenticator Resolves: CVE-2020-12783 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1836362 - CVE-2020-12783 exim: out-of-bounds read in the SPA authenticator can lead to SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c https://bugzilla.redhat.com/show_bug.cgi?id=1836362 --------------------------------------------------------------------------------

This update can be installed with the "yum" update programs. Use su -c 'yum update exim' at the command line. For more information, refer to "YUM", available at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7%5C /html/System_Administrators_Guide/ch-yum.html

All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------