A critical vulnerability (CVE-2019-10149) was found in Exim mail server. It allows to execute some code on victim's server with root privileges. This vulnerability affects versions from 4.87 to 4.91.
I have an Ubuntu 18.04 server with Exim version 4.90_1 installed (but disabled) and I need to upgrade it to the version 4.92 - but I can't find how to do it properly through the terminal.
Ubuntu releases do not receive 'major' or 'feature' updates for packages – you always have the same version you started with, and the packager just applies individual patches to fix bugs or security issues. (Use apt-get changelog exim4 to see what changes are made.)
For Ubuntu 18.04, you need to upgrade the exim4 package to 4.90.1-1ubuntu1.2, which is a security update that has a fix for CVE-2019-10149 applied, but doesn't include any other 4.92 stuff. If you did a full system upgrade recently, then you already have it.
