-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-2e084c987d 2020-05-24 03:27:16.087318 --------------------------------------------------------------------------------
Name : exim Product : Fedora 32 Version : 4.93 Release : 8.fc32 URL : https://www.exim.org/ Summary : The exim mail transfer agent Description : Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of flexibility in the way mail can be routed, and there are extensive facilities for checking incoming mail. Exim can be installed in place of sendmail, although the configuration of exim is quite different to that of sendmail.
-------------------------------------------------------------------------------- Update Information:
This is an update fixing out-of-bounds read in the SPA authenticator. -------------------------------------------------------------------------------- ChangeLog:
* Fri May 15 2020 Jaroslav ��karvada jskarvad@redhat.com - 4.93-8 - Fixed out-of-bounds read in the SPA authenticator Resolves: CVE-2020-12783 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1836362 - CVE-2020-12783 exim: out-of-bounds read in the SPA authenticator can lead to SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c https://bugzilla.redhat.com/show_bug.cgi?id=1836362 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-2e084c987d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------