CVE-2016-9963
Published: 16 December 2016
Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.
Priority
CVSS 3 base score: 5.9
Status
Package | Release | Status |
---|---|---|
exim4 Launchpad, Ubuntu, Debian |
upstream |
Released
(4.87.1,4.88)
|
precise |
Released
(4.76-3ubuntu3.4)
|
|
trusty |
Released
(4.82-3ubuntu2.2)
|
|
xenial |
Released
(4.86.2-2ubuntu2.1)
|
|
yakkety |
Released
(4.87-3ubuntu1.1)
|
|
Patches: upstream: https://github.com/Exim/exim/commit/87cb4a166c47b57df48c2918e47801d77639fbb0 (master) upstream: https://github.com/Exim/exim/commit/46672dc8be913fb02f0aa822d79c590fac276182 (4.80.1) upstream: https://github.com/Exim/exim/commit/fd3961f062107c5c64016cff0331fd2cf1181cdd (4.80.1 test) upstream: https://github.com/Exim/exim/commit/be2b8e517f4946d2ad0cb0100e7b078cb4d9b65f (4.87) upstream: https://github.com/Exim/exim/commit/31c02defdc5118834e801d4fe8f11c1d9b5ebadf (4.86) upstream: https://github.com/Exim/exim/commit/f915863397aa037a437155da67424d094821a23b (4.86) |