Another Exim Mail Server Vulnerability

In early September, the developers of the Exim mail server notified users of a critical vulnerability (CVE-2019-15846) that could allow a local or remote attacker to execute code on the server with root privileges. Exim users were advised to install the unscheduled update 4.92.2.

On September 29, another emergency release, Exim 4.92.3, was published to fix a further critical vulnerability (CVE-2019-16928) that allows remote code execution on the server. The vulnerability is triggered after privileges have been dropped, so exploitation is limited to executing code with the rights of the unprivileged user under which the incoming message handler runs.

Users are advised to urgently install the update. The fix has been released for Ubuntu 19.04, Arch Linux, FreeBSD, Debian 10 and Fedora. On RHEL and CentOS, Exim is not included in the regular package repository. SUSE and openSUSE use the Exim 4.88 branch.

Source: linux.org.ru
