Ubuntu Security Notice USN-5741-1
Ubuntu Security Notice 5741-1 - It was discovered that Exim incorrectly handled certain regular expressions. An attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code.
==========================================================================
Ubuntu Security Notice USN-5741-1
November 24, 2022
exim4 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Exim could be made to crash or run programs if it processed specially
crafted regular expressions.
Software Description:
- exim4: Exim is a mail transport agent
Details:
It was discovered that Exim incorrectly handled certain regular
expressions. An attacker could use this issue to cause Exim to crash,
resulting in a denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.10:
  exim4-base                      4.96-3ubuntu1.1
  exim4-daemon-heavy              4.96-3ubuntu1.1
  exim4-daemon-light              4.96-3ubuntu1.1
Ubuntu 22.04 LTS:
  exim4-base                      4.95-4ubuntu2.2
  exim4-daemon-heavy              4.95-4ubuntu2.2
  exim4-daemon-light              4.95-4ubuntu2.2
Ubuntu 20.04 LTS:
  exim4-base                      4.93-13ubuntu1.7
  exim4-daemon-heavy              4.93-13ubuntu1.7
  exim4-daemon-light              4.93-13ubuntu1.7
Ubuntu 18.04 LTS:
  exim4-base                      4.90.1-1ubuntu1.10
  exim4-daemon-heavy              4.90.1-1ubuntu1.10
  exim4-daemon-light              4.90.1-1ubuntu1.10
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5741-1
CVE-2022-3559
Package Information:
https://launchpad.net/ubuntu/+source/exim4/4.96-3ubuntu1.1
https://launchpad.net/ubuntu/+source/exim4/4.95-4ubuntu2.2
https://launchpad.net/ubuntu/+source/exim4/4.93-13ubuntu1.7
https://launchpad.net/ubuntu/+source/exim4/4.90.1-1ubuntu1.10
Related news
A vulnerability was found in Exim and classified as critical. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a patch to fix this issue. The identifier VDB-211073 was assigned to this vulnerability.