Debian Security Advisory
DSA-3747-1 exim4 -- security update
- Date Reported:
- 25 Dec 2016
- Affected Packages:
- exim4
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2016-9963.
- More information:
-
Bjoern Jacke discovered that Exim, Debian's default mail transfer agent, may leak the private DKIM signing key to the log files if specific configuration options are met.
For the stable distribution (jessie), this problem has been fixed in version 4.84.2-2+deb8u2.
We recommend that you upgrade your exim4 packages.