Ubuntu Security Notice USN-6455-1

Ubuntu Security Notice 6455-1 - It was discovered that Exim incorrectly handled validation of user-supplied data, which could lead to memory corruption. A remote attacker could possibly use this issue to execute arbitrary code. It was discovered that Exim incorrectly handled validation of user-supplied data, which could lead to an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information.

Packet Storm

==========================================================================
Ubuntu Security Notice USN-6455-1
October 26, 2023

exim4 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 23.10
  • Ubuntu 23.04
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS (Available with Ubuntu Pro)
  • Ubuntu 16.04 LTS (Available with Ubuntu Pro)
  • Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in Exim.

Software Description:

  • exim4: Exim is a mail transport agent

Details:

It was discovered that Exim incorrectly handled validation of user-supplied
data, which could lead to memory corruption. A remote attacker could
possibly use this issue to execute arbitrary code. (CVE-2023-42117)

It was discovered that Exim incorrectly handled validation of user-supplied
data, which could lead to an out-of-bounds read. An attacker could possibly
use this issue to expose sensitive information. (CVE-2023-42119)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
exim4-daemon-heavy 4.96-17ubuntu2.1
exim4-daemon-light 4.96-17ubuntu2.1

Ubuntu 23.04:
exim4-daemon-heavy 4.96-14ubuntu1.3
exim4-daemon-light 4.96-14ubuntu1.3

Ubuntu 22.04 LTS:
exim4-daemon-heavy 4.95-4ubuntu2.4
exim4-daemon-light 4.95-4ubuntu2.4

Ubuntu 20.04 LTS:
exim4-daemon-heavy 4.93-13ubuntu1.9
exim4-daemon-light 4.93-13ubuntu1.9

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
exim4-daemon-heavy 4.90.1-1ubuntu1.10+esm2
exim4-daemon-light 4.90.1-1ubuntu1.10+esm2

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
exim4-daemon-heavy 4.86.2-2ubuntu2.6+esm5
exim4-daemon-light 4.86.2-2ubuntu2.6+esm5

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
exim4-daemon-heavy 4.82-3ubuntu2.4+esm7
exim4-daemon-light 4.82-3ubuntu2.4+esm7

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6455-1
CVE-2023-42117, CVE-2023-42119

Package Information:
https://launchpad.net/ubuntu/+source/exim4/4.96-17ubuntu2.1
https://launchpad.net/ubuntu/+source/exim4/4.96-14ubuntu1.3
https://launchpad.net/ubuntu/+source/exim4/4.95-4ubuntu2.4
https://launchpad.net/ubuntu/+source/exim4/4.93-13ubuntu1.9

Related news

Gentoo Linux Security Advisory 202402-18

Gentoo Linux Security Advisory 202402-18 - Multiple vulnerabilities have been discovered in Exim, the worst of which can lead to remote code execution. Versions greater than or equal to 4.97.1 are affected.

Exim finally fixes 3 out of 6 vulnerabilities

Six vulnerabilities in the Exim message transfer agent have been fixed—over a year after they were reported.

New Critical Security Flaws Expose Exim Mail Servers to Remote Attacks

Multiple security vulnerabilities have been disclosed in the Exim mail transfer agent that, if successfully exploited, could result in information disclosure and remote code execution. The list of flaws, which were reported anonymously way back in June 2022, is as follows - CVE-2023-42114 (CVSS score: 3.7) - Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability
