Headline
Ubuntu Security Notice USN-6455-1
Ubuntu Security Notice 6455-1 - It was discovered that Exim incorrectly handled validation of user-supplied data, which could lead to memory corruption. A remote attacker could possibly use this issue to execute arbitrary code. It was discovered that Exim incorrectly handled validation of user-supplied data, which could lead to an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information.
==========================================================================
Ubuntu Security Notice USN-6455-1
October 26, 2023
exim4 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in Exim.
Software Description:
- exim4: Exim is a mail transport agent
Details:
It was discovered that Exim incorrectly handled validation of user-supplied
data, which could lead to memory corruption. A remote attacker could
possibly use this issue to execute arbitrary code. (CVE-2023-42117)
It was discovered that Exim incorrectly handled validation of user-supplied
data, which could lead to an out-of-bounds read. An attacker could possibly
use this issue to expose sensitive information. (CVE-2023-42119)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.10:
exim4-daemon-heavy 4.96-17ubuntu2.1
exim4-daemon-light 4.96-17ubuntu2.1
Ubuntu 23.04:
exim4-daemon-heavy 4.96-14ubuntu1.3
exim4-daemon-light 4.96-14ubuntu1.3
Ubuntu 22.04 LTS:
exim4-daemon-heavy 4.95-4ubuntu2.4
exim4-daemon-light 4.95-4ubuntu2.4
Ubuntu 20.04 LTS:
exim4-daemon-heavy 4.93-13ubuntu1.9
exim4-daemon-light 4.93-13ubuntu1.9
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
exim4-daemon-heavy 4.90.1-1ubuntu1.10+esm2
exim4-daemon-light 4.90.1-1ubuntu1.10+esm2
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
exim4-daemon-heavy 4.86.2-2ubuntu2.6+esm5
exim4-daemon-light 4.86.2-2ubuntu2.6+esm5
Ubuntu 14.04 LTS (Available with Ubuntu Pro):
exim4-daemon-heavy 4.82-3ubuntu2.4+esm7
exim4-daemon-light 4.82-3ubuntu2.4+esm7
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6455-1
CVE-2023-42117, CVE-2023-42119
Package Information:
https://launchpad.net/ubuntu/+source/exim4/4.96-17ubuntu2.1
https://launchpad.net/ubuntu/+source/exim4/4.96-14ubuntu1.3
https://launchpad.net/ubuntu/+source/exim4/4.95-4ubuntu2.4
https://launchpad.net/ubuntu/+source/exim4/4.93-13ubuntu1.9
Related news
Gentoo Linux Security Advisory 202402-18 - Multiple vulnerabilities have been discovered in Exim, the worst of which can lead to remote code execution. Versions greater than or equal to 4.97.1 are affected.
Categories: Business Categories: News Tags: Exim Tags: mta Tags: cla Tags: spf Tags: nltm Tags: cvss Tags: cve-2023-42115 Tags: cve-2023-42116 Tags: cve-2023-42117 Tags: cve-2023-42118 Tags: cve-2023-42119 Tags: cve-2023-42114 Tags: dbs spa Six vulnerabilities in the Exim message transfer agent have been fixed—over a year after they were reported. (Read more...) The post Exim finally fixes 3 out of 6 vulnerabilities appeared first on Malwarebytes Labs.
Multiple security vulnerabilities have been disclosed in the Exim mail transfer agent that, if successfully exploited, could result in information disclosure and remote code execution. The list of flaws, which were reported anonymously way back in June 2022, is as follows - CVE-2023-42114 (CVSS score: 3.7) - Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability
Multiple security vulnerabilities have been disclosed in the Exim mail transfer agent that, if successfully exploited, could result in information disclosure and remote code execution. The list of flaws, which were reported anonymously way back in June 2022, is as follows - CVE-2023-42114 (CVSS score: 3.7) - Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability