Several security issues were fixed in Exim.
Software Description:
- exim4: Exim is a mail transport agent
Details:
It was discovered that Exim incorrectly handled certain challenge requests.
A remote attacker could possibly use this issue to perform out-of-bounds
reads, resulting in information leakage. (CVE-2023-42114)
It was discovered that Exim incorrectly handled validation of user-supplied
data. A remote attacker could possibly use this issue to perform
out-of-bounds writes, resulting in arbitrary code execution. This issue
only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.04.
(CVE-2023-42115)
It was discovered that Exim incorrectly handled certain challenge requests.
A remote attacker could possibly use this issue to perform out-of-bounds
writes, resulting in arbitrary code execution. (CVE-2023-42116)
The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: exim4 4.96-14ubuntu1.2 exim4-base 4.96-14ubuntu1.2 exim4-daemon-heavy 4.96-14ubuntu1.2 exim4-daemon-light 4.96-14ubuntu1.2 eximon4 4.96-14ubuntu1.2 Ubuntu 22.04 LTS: exim4 4.95-4ubuntu2.3 exim4-base 4.95-4ubuntu2.3 exim4-daemon-heavy 4.95-4ubuntu2.3 exim4-daemon-light 4.95-4ubuntu2.3 eximon4 4.95-4ubuntu2.3 Ubuntu 20.04 LTS: exim4 4.93-13ubuntu1.8 exim4-base 4.93-13ubuntu1.8 exim4-daemon-heavy 4.93-13ubuntu1.8 exim4-daemon-light 4.93-13ubuntu1.8 eximon4 4.93-13ubuntu1.8 Ubuntu 18.04 LTS (Available with Ubuntu Pro): exim4 4.90.1-1ubuntu1.10+esm1 exim4-base 4.90.1-1ubuntu1.10+esm1 exim4-daemon-heavy 4.90.1-1ubuntu1.10+esm1 exim4-daemon-light 4.90.1-1ubuntu1.10+esm1 eximon4 4.90.1-1ubuntu1.10+esm1 Ubuntu 16.04 LTS (Available with Ubuntu Pro): exim4 4.86.2-2ubuntu2.6+esm4 exim4-base 4.86.2-2ubuntu2.6+esm4 exim4-daemon-heavy 4.86.2-2ubuntu2.6+esm4 exim4-daemon-light 4.86.2-2ubuntu2.6+esm4 eximon4 4.86.2-2ubuntu2.6+esm4 Ubuntu 14.04 LTS (Available with Ubuntu Pro): exim4 4.82-3ubuntu2.4+esm6 exim4-base 4.82-3ubuntu2.4+esm6 exim4-daemon-heavy 4.82-3ubuntu2.4+esm6 exim4-daemon-light 4.82-3ubuntu2.4+esm6 eximon4 4.82-3ubuntu2.4+esm6 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-6411-1
CVE-2023-42114, CVE-2023-42115, CVE-2023-42116
Get the latest Linux and open source security news straight to your inbox.