Exim SpamAssassin could be made to execute arbitrary code if it
received crafted .cf files/rules.
Software Description:
- sa-exim: SpamAssassin filter for Exim
Details:
It was discovered that Exim SpamAssassin does not properly handle
configuration strings. An attacker could possibly use this issue to
execute arbitrary code. (CVE-2019-19920)
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
- sa-exim 4.2.1-14+deb8u1build0.16.04.1
In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-4520-1
CVE-2019-19920