Alerts This Week: 1 677

Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Debian Exim4 Important Information Disclosure Fix DSA-6309-1

Debian Security Advisory DSA-6309-1
https://www.debian.org/security/ (Salvatore Bonaccorso)
May 29, 2026
https://www.debian.org/security/faq

Package : exim4
CVE ID  : CVE-2026-48840

Warisjeet Singh discovered that Exim, a mail transport agent, does not properly handle PROXY frames whose declared payload length is too short for the claimed address family, which may result in information disclosure in configurations with SUPPORT_PROXY and 'host_proxy' set.

For the oldstable distribution (bookworm), this problem has been fixed in version 4.96-15+deb12u10.

For the stable distribution (trixie), this problem has been fixed in version 4.98.2-1+deb13u3.

We recommend that you upgrade your exim4 packages.

For the detailed security status of exim4 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/exim4

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Debian Security Advisory DSA-6309-1 fixes an Exim4 security issue causing information disclosure for users with SUPPORT_PROXY.

Severity: Important. LinuxSecurity.com Team

May 29, 2026 Important Debian

Ubuntu 23.10: Addressing Critical Risk of Exim SPF Bypass Vulnerability

Ubuntu Security Notice USN-6611-1
January 29, 2024

exim4 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Exim could be made to bypass an SPF protection mechanism if it received a specially crafted request.

Software Description:

- exim4: Exim is a mail transport agent

Details:

It was discovered that Exim incorrectly handled certain requests. A remote attacker could possibly use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.10:
  exim4 4.96-17ubuntu2.2
  exim4-base 4.96-17ubuntu2.2
  eximon4 4.96-17ubuntu2.2

Ubuntu 22.04 LTS:
  exim4 4.95-4ubuntu2.5
  exim4-base 4.95-4ubuntu2.5
  eximon4 4.95-4ubuntu2.5

Ubuntu 20.04 LTS:
  exim4 4.93-13ubuntu1.10
  exim4-base 4.93-13ubuntu1.10
  eximon4 4.93-13ubuntu1.10

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  exim4 4.90.1-1ubuntu1.10+esm3
  exim4-base 4.90.1-1ubuntu1.10+esm3
  eximon4 4.90.1-1ubuntu1.10+esm3

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  exim4 4.86.2-2ubuntu2.6+esm6
  exim4-base 4.86.2-2ubuntu2.6+esm6
  eximon4 4.86.2-2ubuntu2.6+esm6

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6611-1
  CVE-2023-51766

Package Information:
  https://launchpad.net/ubuntu/+source/exim4/4.96-17ubuntu2.2
  https://launchpad.net/ubuntu/+source/exim4/4.95-4ubuntu2.5
  https://launchpad.net/ubuntu/+source/exim4/4.93-13ubuntu1.10

Be sure to upgrade your Ubuntu installations to mitigate the Exim vulnerability that impacts various versions, thereby safeguarding against potential email spoofing threats.

Severity: Critical. LinuxSecurity.com Team

Jan 29, 2024 Critical Ubuntu

Debian 8: DLA-2213-1 Moderate: Exim4 Authentication Bypass

Package : exim4
Version : 4.84.2-2+deb8u7
CVE ID  : CVE-2020-12783

It was discovered that exim4, a mail transport agent, suffers from an authentication bypass vulnerability in the spa authentication driver. The spa authentication driver is not enabled by default.

For Debian 8 "Jessie", this problem has been fixed in version 4.84.2-2+deb8u7.

We recommend that you upgrade your exim4 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

OpenSSL is affected by a critical security vulnerability; patch the software to address the issue and maintain system integrity.

Severity: Important. LinuxSecurity.com Team

May 18, 2020 Important Debian LTS

Red Hat: RHSA-2011:0959-01 Moderate: Mutt SSL Check Flaw

Red Hat Security Advisory

Synopsis:     Moderate: mutt security update
Advisory ID:  RHSA-2011:0959-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2011:0959.html
Issue date:   2011-07-19
CVE Names:    CVE-2011-1429

1. Summary:

An updated mutt package that fixes one security issue is now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Mutt is a text-mode mail user agent.

A flaw was found in the way Mutt verified SSL certificates. When a server presented an SSL certificate chain, Mutt could ignore a server hostname check failure. A remote attacker able to get a certificate from a trusted Certificate Authority could use this flaw to trick Mutt into accepting a certificate issued for a different hostname, and perform man-in-the-middle attacks against Mutt's SSL connections. (CVE-2011-1429)

All Mutt users should upgrade to this updated package, which contains a backported patch to correct this issue. All running instances of Mutt must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

688755 - CVE-2011-1429 mutt: SSL host name check may be skipped when verifying certificate chain

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:

i386:
mutt-1.5.20-2.20091214hg736b6a.el6_1.1.i686.rpm
mutt-debuginfo-1.5.20-2.20091214hg736b6a.el6_1.1.i686.rpm

x86_64:
mutt-1.5.20-2.20091214hg736b6a.el6_1.1.x86_64.rpm
mutt-debuginfo-1.5.20-2.20091214hg736b6a.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:

x86_64:
mutt-1.5.20-2.20091214hg736b6a.el6_1.1.x86_64.rpm
mutt-debuginfo-1.5.20-2.20091214hg736b6a.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:

i386:
mutt-1.5.20-2.20091214hg736b6a.el6_1.1.i686.rpm
mutt-debuginfo-1.5.20-2.20091214hg736b6a.el6_1.1.i686.rpm

ppc64:
mutt-1.5.20-2.20091214hg736b6a.el6_1.1.ppc64.rpm
mutt-debuginfo-1.5.20-2.20091214hg736b6a.el6_1.1.ppc64.rpm

s390x:
mutt-1.5.20-2.20091214hg736b6a.el6_1.1.s390x.rpm
mutt-debuginfo-1.5.20-2.20091214hg736b6a.el6_1.1.s390x.rpm

x86_64:
mutt-1.5.20-2.20091214hg736b6a.el6_1.1.x86_64.rpm
mutt-debuginfo-1.5.20-2.20091214hg736b6a.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:

i386:
mutt-1.5.20-2.20091214hg736b6a.el6_1.1.i686.rpm
mutt-debuginfo-1.5.20-2.20091214hg736b6a.el6_1.1.i686.rpm

x86_64:
mutt-1.5.20-2.20091214hg736b6a.el6_1.1.x86_64.rpm
mutt-debuginfo-1.5.20-2.20091214hg736b6a.el6_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://access.redhat.com/security/cve/CVE-2011-1429
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2011 Red Hat, Inc.

A revised mutt package has been issued to rectify a vulnerability related to SSL validation in Red Hat Enterprise Linux 6, categorized with moderate severity.

LinuxSecurity.com Team

Jul 19, 2011 Red Hat

Fedora Core 3: Exim Update 4.43-1.FC3.1 Addressing Buffer Overflow

Product     : Fedora Core 3
Name        : exim
Version     : 4.43
Release     : 1.FC3.1
Summary     : The exim mail transfer agent

Description :

Exim is a mail transport agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. In style it is similar to Smail 3, but its facilities are more extensive, and in particular it has options for verifying incoming sender and recipient addresses, for refusing mail from specified hosts, networks, or senders, and for controlling mail relaying. Exim is in production use at quite a few sites, some of which move hundreds of thousands of messages per day.

Exiscan is compiled in to allow inbuilt scanning capability. See https://duncanthrax.net/exiscan-acl/

Update Information:

This erratum fixes two relatively minor security issues which were discovered in Exim in the last few weeks. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-0021 and CAN-2005-0022 to these, respectively.

1. The function host_aton() can overflow a buffer if it is presented with an illegal IPv6 address that has more than 8 components.

2. The second report described a buffer overflow in the function spa_base64_to_bits(), which is part of the code for SPA authentication. This code originated in the Samba project. The overflow can be exploited only if you are using SPA authentication.

* Tue Jan 04 2005 David Woodhouse 4.43-1.FC3.1

- Fix buffer overflows (CAN-2005-0021, CAN-2005-0022)
- Demonstrate SASL auth configuration in default config file
- Enable TLS and provide certificate if necessary
- Don't reject all GB2312 charset mail by default

This update can be downloaded from:

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.

Updates for the PowerPC architecture are also available from the yum repository at the following address:

--
dwmw2

Patch available for Fedora Core 3 addressing low-severity vulnerabilities within the Exim mail transfer agent, specifically in handling of buffer operations.

Severity: Important. LinuxSecurity.com Team

Jan 13, 2005 Important Fedora

Red Hat Linux 7.3 RHSA-2003:251-01 Critical: Postfix DoS Issues

Red Hat Security Advisory

Synopsis:         New postfix packages fix security issues.
Advisory ID:      RHSA-2003:251-01
Issue date:       2003-08-04
Updated on:       2003-08-04
Product:          Red Hat Linux
Keywords:         postfix envelope address
Cross references:
Obsoletes:
CVE Names:        CAN-2003-0468 CAN-2003-0540

1. Topic:

New Postfix packages that fix two potential security issues are now available.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 8.0 - i386
Red Hat Linux 9 - i386

3. Problem description:

Postfix is a Mail Transport Agent (MTA). Two security issues have been found in Postfix that affect the Postfix packages in Red Hat Linux 7.3, 8.0, and 9.

Postfix versions before 1.1.12 allow an attacker to bounce-scan private networks, or use the daemon as a DDoS tool by forcing the daemon to connect to an arbitrary service at an arbitrary IP address and receiving either a bounce message or by analyzing timing. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0468 to this issue.

Postfix versions from 1.1 up to and including 1.1.12 have a bug where a remote attacker could send a malformed envelope address and:

1) cause the queue manager to lock up until an entry is removed from the queue or,
2) lock up the SMTP listener, leading to a DoS.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0540 to this issue.

Users of Postfix are advised to upgrade to these erratum packages, which contain a version of Postfix 1.1.12 with the addition of a security patch and is not vulnerable to either of these issues.

Red Hat would like to thank Michal Zalewski for discovering and disclosing the flaws and to Wietse Venema for providing patches.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

    rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

    up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. RPMs required:

Red Hat Linux 7.3:
SRPMS:
i386:

Red Hat Linux 8.0:
SRPMS:
i386:

Red Hat Linux 9:
SRPMS:
i386:

6. Verification:

These packages are GPG signed by Red Hat for security. Our key is available from Product Signing Keys - Red Hat Customer Portal

You can verify each package with the following command:

    rpm --checksig -v

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

    md5sum

7. References:

CVE - CVE-2003-0468
CVE - CVE-2003-0540

8. Contact:

The Red Hat security contact is . More contact details at All Red Hat products

Copyright 2003 Red Hat, Inc.

Critical security notification for Postfix deployments on RPM-based distributions. Recent patches respond to two critical flaws impacting various editions of Red Hat.

Severity: Critical. LinuxSecurity.com Team

Aug 04, 2003 Critical Red Hat