CVE-2020-12783

Priority
Description
Exim through 4.93 has an out-of-bounds read in the SPA authenticator that
could result in SPA/NTLM authentication bypass in auths/spa.c and
auths/auth-spa.c.
Assigned-to
leosilva
Notes
Package
Source: exim4 (LP Ubuntu Debian)
Upstream: released (4.93-16)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): released (4.82-3ubuntu2.4+esm2)
Ubuntu 16.04 LTS (Xenial Xerus): released (4.86.2-2ubuntu2.6)
Ubuntu 18.04 LTS (Bionic Beaver): released (4.90.1-1ubuntu1.5)
Ubuntu 19.10 (Eoan Ermine): released (4.92.1-1ubuntu3.1)
Ubuntu 20.04 LTS (Focal Fossa): released (4.93-13ubuntu1.1)
Ubuntu 20.10 (Groovy Gorilla): needed
Patches:
Upstream: https://git.exim.org/exim.git/commit/57aa14b216432be381b6295c312065b2fd034f86
Upstream: https://git.exim.org/exim.git/commit/a04174dc2a84ae1008c23b6a7109e7fa3fb7b8b0
More Information

Updated: 2020-05-29 19:14:56 UTC (commit 2d0d387aa141e969cc1ddbb230ab2faa3ee568d5)