USN-3322-1: Exim vulnerability

Ubuntu Security Notice USN-3322-1

19th June, 2017

exim4 vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 17.04
  • Ubuntu 16.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

Exim could be made to run programs as an administrator.

Software description

  • exim4
    – Exim is a mail transport agent

Details

It was discovered that Exim did not properly deallocate memory when
processing certain command line arguments. A local attacker could use this
in conjunction with another vulnerability to possibly execute arbitrary
code and gain administrative privileges.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 17.04:
exim4-daemon-heavy

4.88-5ubuntu1.1
exim4-daemon-light

4.88-5ubuntu1.1
Ubuntu 16.10:
exim4-daemon-heavy

4.87-3ubuntu1.2
exim4-daemon-light

4.87-3ubuntu1.2
Ubuntu 16.04 LTS:
exim4-daemon-heavy

4.86.2-2ubuntu2.2
exim4-daemon-light

4.86.2-2ubuntu2.2
Ubuntu 14.04 LTS:
exim4-daemon-heavy

4.82-3ubuntu2.3
exim4-daemon-light

4.82-3ubuntu2.3

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2017-1000369


Source From: ubuntu.com.
Original article title: USN-3322-1: Exim vulnerability.
This full article can be read at: USN-3322-1: Exim vulnerability.

Advertisement


Random Article You May Like

Leave a Reply

Your email address will not be published. Required fields are marked *

*
*