Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

Ubuntu 16.04 LTS: USN-4520-1 Moderate: Exim SpamAssassin Threat

ubuntu
Calendar Grey September 18, 2020
Dist Ubuntu Esm H88
Security bulletin dated September 18, 2020, detailing a vulnerability in sa-exim within Ubuntu systems, which could potentially enable unauthorized code execution.
Exim SpamAssassin could be made to execute aribitrary code if it received crafted .cf files/rules.

Summary

Exim SpamAssassin could be made to execute aribitrary code if it

received crafted .cf files/rules.

Software Description:

- sa-exim: SpamAssassin filter for Exim

Details:

It was discovered that Exim SpamAssassin does not properly handle

configuration strings. An attacker could possibly use this issue to

execute arbitrary code. (CVE-2019-19920)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  sa-exim                         4.2.1-14+deb8u1build0.16.04.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4520-1

CVE-2019-19920

September 18, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here