==========================================================Ubuntu Security Notice USN-1032-1         December 11, 2010
exim4 vulnerability
CVE-2010-4344
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  exim4-daemon-custom             4.60-3ubuntu3.2
  exim4-daemon-heavy              4.60-3ubuntu3.2
  exim4-daemon-light              4.60-3ubuntu3.2

Ubuntu 8.04 LTS:
  exim4-daemon-custom             4.69-2ubuntu0.2
  exim4-daemon-heavy              4.69-2ubuntu0.2
  exim4-daemon-light              4.69-2ubuntu0.2

Ubuntu 9.10:
  exim4-daemon-custom             4.69-11ubuntu4.1
  exim4-daemon-heavy              4.69-11ubuntu4.1
  exim4-daemon-light              4.69-11ubuntu4.1

In general, a standard system update will make all the necessary changes.

Details follow:

Sergey Kononenko and Eugene Bujak discovered that Exim did not correctly
truncate string expansions. A remote attacker could send specially crafted
email traffic to run arbitrary code as the Exim user, which could also
lead to root privileges.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

          Size/MD5:   326950 65e62a09e080c821e398a63cf92a6d1f
          Size/MD5:     1710 56df0b8c8d370e21120658155de9c3fa
          Size/MD5:  2022260 5f8e5834c648ac9a62bb8ab6ad2a6227

  Architecture independent packages:

          Size/MD5:   263080 359ce4b2bd41c72718c137e465342696
          Size/MD5:     1580 feabe1136ff1d77db3bf15a3d0e95d23

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   876940 341ab7347734de16c49182757d15e209
          Size/MD5:   468624 23925ea701e015f23b5252e6023241a8
          Size/MD5:   414586 16f48b776d5757043f167239fe931fe0
          Size/MD5:    86502 2dd6d4b0fe218b3e6416ae03e13540f4

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   873970 d7227fdecda4f57c4f0a46895f0047fe
          Size/MD5:   423706 8a7293ab75f5ffff0029a7e60294d6e8
          Size/MD5:   374388 b0cbe933f4adc32b6b0228d3819f53cf
          Size/MD5:    81898 d1151fdb573847abf6ef7a2c476dec46

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   883758 1973a2fe4863ed692b22d41a97d4d3f7
          Size/MD5:   469898 c81c330d96ce8f8e9fbb3611ddae9451
          Size/MD5:   416324 1adda1365428df3dda3ad2eca06a5b0d
          Size/MD5:    88496 3ddbbdfcad0dc9c4ea0cc1257a66f806

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   874312 87893cdf1323bc6271da745379efeb63
          Size/MD5:   444438 8d88c67448778b105336151ffcf9b9cc
          Size/MD5:   394234 8ea9e87dbb5bc7b8e34b7e39be3f14dd
          Size/MD5:    83748 6b14d9e0a764114fdddd73e9bf518acc

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

          Size/MD5:   542324 684652aca4ddc876130dc1e747abe639
          Size/MD5:     1946 b6f0b4b89968ea9f8baaf398b3c40305
          Size/MD5:  1659309 f0176239d54546526f519e266182c019

  Architecture independent packages:

          Size/MD5:   310444 b27c6deeab84c0d9d1834975de452079
          Size/MD5:     6356 e3e360d03367ada5058186fda42bf412

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   985396 646127f389dc10c56f9ce9b76288ea0e
          Size/MD5:   787748 5bf7ad817c0b96661433613c65dc2541
          Size/MD5:   496550 e309c2170877949d51f3c9da12d1606b
          Size/MD5:   701732 ace3c153ef2e6c00e578458c6667bd98
          Size/MD5:   442708 c2e54c2f539e85d48b40123540aec66c
          Size/MD5:   267568 4ab6961efc6909ecc21a0dc11524e355
          Size/MD5:    68336 0f916ca937aa199124a37e5dcbf901d3
          Size/MD5:   100648 30dd3dcc34805edbeb843a2e1a0419e4

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   981574 c6bdac374c384e75709ddbc4584c78a0
          Size/MD5:   748140 89cfe95a5d9a006a60a4e0c93a36f176
          Size/MD5:   467732 d3d1784cfb941570e62b348cbf18c634
          Size/MD5:   667830 2ad120163463491c374bc4732cf30fa3
          Size/MD5:   416776 54e80325909177eff906dd468cc2ab34
          Size/MD5:   260684 9ec594f594d7de456edb7883a4db11c0
          Size/MD5:    68340 bb7173daff16f19ccc5a50359f74cfaa
          Size/MD5:    96086 127416ada041e7074a153e856cafb938

  lpia architecture (Low Power Intel Architecture):

          Size/MD5:   982010 c14a5270224544ce1b964469607002a0
          Size/MD5:   762118 3ac2e6594a46175328ea3a0a41454f3a
          Size/MD5:   465198 b68b7099bbd223a28e2b244629ed5ceb
          Size/MD5:   678182 0bcb9cbb5eca98a174b547d1b815770c
          Size/MD5:   414510 c4d1073ae10ac0f94a74aa49bfcc9e98
          Size/MD5:   262380 9898befd0cc82b2dcbc196f9682ffb2a
          Size/MD5:    68352 028371d72c5e06a549c394870ef67b89
          Size/MD5:    96048 799182419e8721e485485747541a85f4

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   985382 48ddd029fda6f3a39640ce0a45b82028
          Size/MD5:   786138 0876d0748141809d4ff6429457165563
          Size/MD5:   513280 2db5199ab6423edebdba511551db8b62
          Size/MD5:   703960 5cc4faeaa585d8941cf6214318bd5b17
          Size/MD5:   455878 50c08967a3ec824e8645e0a35541456a
          Size/MD5:   275044 360d13462ca6e826ac875ee22b1a27e1
          Size/MD5:    68350 d237b34a403174d6d6d934f2162dfc6d
          Size/MD5:   104764 ac28a25431d743ed4ea171e7d1ce99c2

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   982370 3fb20f69090a7709195266af3a15fe2e
          Size/MD5:   741860 f672767f502724a3f494f175277a2b60
          Size/MD5:   479786 761c69d7c6464768432b826f0a064be3
          Size/MD5:   662310 04e260bc4f8b1f247b9fd215b990eb17
          Size/MD5:   426994 b72924c18424294579f5f57fa8c2013f
          Size/MD5:   260010 3b3feefc54a37292e2e1a50b90901396
          Size/MD5:    68346 7fc9cea90f650e451123edf893d67d95
          Size/MD5:    97782 6d1b8efca2ba6ddacf715d3681b78373

Updated packages for Ubuntu 9.10:

  Source archives:

          Size/MD5:   552585 11dba71d2f51a531dfbe030149ac2616
          Size/MD5:     2371 e11ceeebee781339679135bce2abe397
          Size/MD5:  1659309 f0176239d54546526f519e266182c019

  Architecture independent packages:

          Size/MD5:   371854 52414ba2baf1c4a04eae981277055955
          Size/MD5:     7950 3dc329a42c7277a881e11dc67d6ec26a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   997338 60d6d9230266bef5252032836d759efe
          Size/MD5:   838022 6caa8c44754e391ce183b3bacdbd9498
          Size/MD5:   544194 3c261ca58188fd58fa604a0cdaadcfa9
          Size/MD5:   742158 8bdae915a7843290a9c18f37e11f753d
          Size/MD5:   488240 d7e86dd8164f4e02e4c1744e53600ebf
          Size/MD5:   280102 f561098ed480b00632f8ae25bf2e95f2
          Size/MD5:    72056 65d2f1b2b7aca4685b485bee6e8e40ab
          Size/MD5:   107892 f4c6f0de550ba029169f02bc66f2d602

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   994680 4a7cf2144d4d02286cec9575c929e136
          Size/MD5:   798296 946a4c06e065e7e4f6bc340d03426719
          Size/MD5:   514902 11e0fbb495e2ad630e548e2a3e0d5f07
          Size/MD5:   707224 ecb77bc0a1a59ab28aaa46492ee5dc00
          Size/MD5:   462410 f0ff9f7d0332bc49f50982a1ad7f8d78
          Size/MD5:   274384 d682d6b5f5889af154176df6c120c160
          Size/MD5:    72042 96ad9118dffa077ac2dd4fd82cbefecc
          Size/MD5:   103934 c99c724eead0d85e92a43706f858543c

  armel architecture (ARM Architecture):

          Size/MD5:   998324 1f6d71876f8f663ebe464a94873fe9e1
          Size/MD5:   800678 9d213fc523dad77ed32b116091247124
          Size/MD5:   492850 141ddaaa9408c6966545954f3fd711b2
          Size/MD5:   708006 eeb57c0432e924fde0475aa33be7c16a
          Size/MD5:   442464 901d8991e58bb7eb752e1ddc002a36c0
          Size/MD5:   276866 479fb0f71294d8edf96c1ee112b71a7b
          Size/MD5:    72038 a57070daa19f52edf185b358c1acb9cf
          Size/MD5:   101966 4e01888c6a9ed05aed78f404e5c2c2e5

  lpia architecture (Low Power Intel Architecture):

          Size/MD5:   994470 2ffebb741e1f8b60fe4f2591faf69ba5
          Size/MD5:   809464 bad54d53cd66ff492e617e6a5fe747b4
          Size/MD5:   513420 944dfbf91d1d47570cf4beac113dbf1e
          Size/MD5:   718372 24ae980ea40a6cce6c3bc6e5cef59cc5
          Size/MD5:   460068 b9824d586d4a1dbf922301ee5143830a
          Size/MD5:   275540 99bcc98393cfd51ea586cd4e6005600a
          Size/MD5:    72054 b79b154eb510cfeb1e8a716b2c00fad2
          Size/MD5:   103444 d4c9bcd0086a036a112aaee566b97c99

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   997714 691a23f30a287c89b93e867e77ebcc38
          Size/MD5:   860134 beb27c57066d52542399f37d6199d2d0
          Size/MD5:   559436 cad28e7e802bdf7e4765ccb069cbb934
          Size/MD5:   765252 46cc4f2a70730c889296ee8b2200d900
          Size/MD5:   500176 ca794eea0dc57873e58f3fe04d4d063a
          Size/MD5:   286262 ff8331c62147bcfa31480eca018cb268
          Size/MD5:    72058 c71d83c209896a52e214e876aa976345
          Size/MD5:   108948 02416f3e1f7e124a41bf8c5d7dd5b9e6

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   996654 8aed2bd56548d55bd4c0f66e3cefa235
          Size/MD5:   802528 60a2db91419181f6ebc41605d78b2170
          Size/MD5:   540910 4be026ab559a35d48d36489883bfd293
          Size/MD5:   713966 929872a08329c71a46b99645d3c3d941
          Size/MD5:   485902 b57f4247f29aee0ca1ee4847cb091c43
          Size/MD5:   274414 44e8af10162fdb0ce7973e07f7e661e5
          Size/MD5:    72054 c332909031c776ebc9a7d21a23770fe6
          Size/MD5:   105590 a5d4bc7bfeadd3206fd2f61b7f38a974

Ubuntu 1032-1: Exim vulnerability

December 11, 2010
Sergey Kononenko and Eugene Bujak discovered that Exim did not correctlytruncate string expansions

Summary

Update Instructions

References

Severity
exim4 vulnerability

Package Information

Related News

11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
2.Motherboard Esm H320
2 - 3 min read
The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle
1.Penguin Landscape Esm H320
1 - 2 min read
There are compelling arguments in favor of Linux over Windows for desktop usage. Let's explore some advantages of choosing Linux over Windows for

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved