-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5887-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso March 26, 2025 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : exim4 CVE ID : CVE-2025-30232 It was discovered that a use-after-free vulnerability in Exim4, a mail transport agent, may result in privilege escalation for a local attacker. For the stable distribution (bookworm), this problem has been fixed in version 4.96-15+deb12u7. We recommend that you upgrade your exim4 packages. For the detailed security status of exim4 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/exim4 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmfkETFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TD6xAAmsPks6VJ8GfLXlxlFtkOLhK9C2Qze1r/wnTJNfB1GQoPqIBG8h+zgXz/ JPTBYLRHVesZCjGY4N2+rGKycXzljeBSdumcNKcjOu3yKaelnuuBD1vaXB2NR+yQ XXSGn9g/bX0//Rt5PC4U2nbw5p4UkkQ9Pda+EOFt5jjr/2cFu8RMpddfRHrL+DYe bWdW3EarBQjAKmi74k+euBF7Cgof16XowSuyf8oTXq8TKW72r1YBC3JAF+eDu/Wt nU4hyEDJm8D1mLORtemI6FVsy4tpWh9dwBCARZuSqy6IHOulyJK/ip2IPF/jDT1x ENweGdFT+/4uwkhuIU3091+01WYmrCFEuc/Mio/64bLQ0VOwWrv8EKKFxLZMg+xt E050pW+6PIy8oiUtnmtTmaLmev5pQg7gFf6eS9K9OFbNAP5LW4vGOVnEwsC7QbYF WKKuRIuX6KvyVqOs/qIdqHT8ermJ9KJHxRXX7UZ3CArmqvRvP5Cx8BjesV5UwnEp fUqRoIvOXuFN6xkur7td+p0UXJJIlwRl5ArVLoKcJTErOpntY+8HpdOoS0rrVHah RJU9glohR8SGGI+Np988ReatQnRRrQkiuXUjzmaqjqkCmOtvWiU/0jKPR0E/WGU5 6Y8/3BmPsvKwLQZWis1skWLNtbNL7q3KDFiYC6VnR4GhgPwHHpY= =tBpE -----END PGP SIGNATURE-----