Debian Security Advisory

DSA-3747-1 exim4 -- security update

Date Reported:
25 Dec 2016
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2016-9963.
More information:

Bjoern Jacke discovered that Exim, Debian's default mail transfer agent, may leak the private DKIM signing key to the log files if specific configuration options are met.

For the stable distribution (jessie), this problem has been fixed in version 4.84.2-2+deb8u2.

We recommend that you upgrade your exim4 packages.