Ubuntu Security Notice USN-4934-2
May 06, 2021

exim4 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM


Several security issues were fixed in Exim.

Software Description:
- exim4: Exim is a mail transport agent


USN-4934-1 fixed several vulnerabilities in Exim. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
CVE-2020-28026 only affected Ubuntu 16.04 ESM.

Original advisory details:

 It was discovered that Exim contained multiple security issues. An attacker
 could use these issues to cause a denial of service, execute arbitrary
 code remotely, obtain sensitive information, or escalate local privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  exim4-base                      4.86.2-2ubuntu2.6+esm1
  exim4-daemon-heavy              4.86.2-2ubuntu2.6+esm1
  exim4-daemon-light              4.86.2-2ubuntu2.6+esm1

Ubuntu 14.04 ESM:
  exim4-base                      4.82-3ubuntu2.4+esm3
  exim4-daemon-heavy              4.82-3ubuntu2.4+esm3
  exim4-daemon-light              4.82-3ubuntu2.4+esm3

In general, a standard system update will make all the necessary changes.

  CVE-2020-28007, CVE-2020-28008, CVE-2020-28009, CVE-2020-28011,
  CVE-2020-28012, CVE-2020-28013, CVE-2020-28014, CVE-2020-28015,
  CVE-2020-28016, CVE-2020-28017, CVE-2020-28020, CVE-2020-28022,
  CVE-2020-28024, CVE-2020-28025, CVE-2020-28026, CVE-2021-27216