
Ubuntu 23.10: USN-6455-1 Critical Exim Memory Corruption Issues

October 30, 2023
Ubuntu Security Notice USN-6455-1 addresses vulnerabilities in Exim, impacting various Ubuntu releases. Security updates are released to mitigate risks, so apply them promptly for protection.

Summary

Several security issues were fixed in Exim.

Software Description:

- exim4: Exim is a mail transport agent

Details:

It was discovered that Exim incorrectly handled validation of user-supplied
data, which could lead to memory corruption. A remote attacker could
possibly use this issue to execute arbitrary code. (CVE-2023-42117)

It was discovered that Exim incorrectly handled validation of user-supplied
data, which could lead to an out-of-bounds read. An attacker could possibly
use this issue to expose sensitive information. (CVE-2023-42119)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
   exim4-daemon-heavy              4.96-17ubuntu2.1
   exim4-daemon-light              4.96-17ubuntu2.1

Ubuntu 23.04:
   exim4-daemon-heavy              4.96-14ubuntu1.3
   exim4-daemon-light              4.96-14ubuntu1.3

Ubuntu 22.04 LTS:
   exim4-daemon-heavy              4.95-4ubuntu2.4
   exim4-daemon-light              4.95-4ubuntu2.4

Ubuntu 20.04 LTS:
   exim4-daemon-heavy              4.93-13ubuntu1.9
   exim4-daemon-light              4.93-13ubuntu1.9

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
   exim4-daemon-heavy              4.90.1-1ubuntu1.10+esm2
   exim4-daemon-light              4.90.1-1ubuntu1.10+esm2

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
   exim4-daemon-heavy              4.86.2-2ubuntu2.6+esm5
   exim4-daemon-light              4.86.2-2ubuntu2.6+esm5

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
   exim4-daemon-heavy              4.82-3ubuntu2.4+esm7
   exim4-daemon-light              4.82-3ubuntu2.4+esm7

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6455-1

CVE-2023-42117, CVE-2023-42119

Severity
critical
