Alerts This Week
Warning Icon 1 631
Alerts This Week
Warning Icon 1 631

Ubuntu 19.04, 18.04 LTS: USN-4124-1 Critical Exim Execution Risk

Calendar Sep 06, 2019 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory exim remote execution ubuntu administrative access
Exim could be made to run programs as an administrator if it received specially crafted network traffic. 
=========================================================================Ubuntu Security Notice USN-4124-1
September 06, 2019

exim4 vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Exim could be made to run programs as an administrator if it received
specially crafted network traffic.

Software Description:
- exim4: Exim is a mail transport agent

Details:

It was discovered that Exim incorrectly handled certain decoding
operations. A remote attacker could possibly use this issue to execute
arbitrary commands.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
  exim4-daemon-heavy              4.92-4ubuntu1.3
  exim4-daemon-light              4.92-4ubuntu1.3

Ubuntu 18.04 LTS:
  exim4-daemon-heavy              4.90.1-1ubuntu1.4
  exim4-daemon-light              4.90.1-1ubuntu1.4

Ubuntu 16.04 LTS:
  exim4-daemon-heavy              4.86.2-2ubuntu2.5
  exim4-daemon-light              4.86.2-2ubuntu2.5

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4124-1
  CVE-2019-15846, https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/1843041

Package Information:
  https://launchpad.net/ubuntu/+source/exim4/4.92-4ubuntu1.3
  https://launchpad.net/ubuntu/+source/exim4/4.90.1-1ubuntu1.4
  https://launchpad.net/ubuntu/+source/exim4/4.86.2-2ubuntu2.5

Ubuntu 19.04, 18.04 LTS: USN-4124-1 Critical Exim Execution Risk

ubuntu
Calendar Grey September 6, 2019
Dist Ubuntu Esm H88
The new Ubuntu Security Alert USN-4124-1 highlights a critical flaw in Exim that could enable remote command execution through specially designed packets.
Exim could be made to run programs as an administrator if it received specially crafted network traffic.

Summary

Topics%20covered

Topics Covered

security advisory exim remote execution ubuntu administrative access

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04: exim4-daemon-heavy 4.92-4ubuntu1.3 exim4-daemon-light 4.92-4ubuntu1.3 Ubuntu 18.04 LTS: exim4-daemon-heavy 4.90.1-1ubuntu1.4 exim4-daemon-light 4.90.1-1ubuntu1.4 Ubuntu 16.04 LTS: exim4-daemon-heavy 4.86.2-2ubuntu2.5 exim4-daemon-light 4.86.2-2ubuntu2.5 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4124-1

CVE-2019-15846, https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/1843041

Severity
critical
Lowest
Low
Medium
High
Critical

September 06, 2019

Topics%20covered

Topics Covered

security advisory exim remote execution ubuntu administrative access

Package Information

https://launchpad.net/ubuntu/+source/exim4/4.92-4ubuntu1.3 https://launchpad.net/ubuntu/+source/exim4/4.90.1-1ubuntu1.4 https://launchpad.net/ubuntu/+source/exim4/4.86.2-2ubuntu2.5

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here