Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Ubuntu 23.10: Addressing Critical Risk of Exim SPF Bypass Vulnerability

ubuntu
Calendar Grey January 29, 2024
Dist Ubuntu Esm H88
Ensure to upgrade your Ubuntu installations to mitigate the Exim vulnerability that impacts various versions, thereby safeguarding against potential email spoofing threats.
Exim could be made to bypass an SPF protection mechanism if it received a specially crafted request.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS (Available with Ubuntu Pro) - Ubuntu 16.04 LTS (Available with Ubuntu Pro) Summary: Exim could be made to bypass an SPF protection mechanism if it received a specially crafted request. Software Description: - exim4: Exim is a mail transport agent Details: It was discovered that Exim incorrectly handled certain requests. A remote attacker could possibly use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism.

Topics%20covered

Topics Covered

security advisory critical Ubuntu attack spoofing mail agent Exim

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 23.10: exim4 4.96-17ubuntu2.2 exim4-base 4.96-17ubuntu2.2 eximon4 4.96-17ubuntu2.2 Ubuntu 22.04 LTS: exim4 4.95-4ubuntu2.5 exim4-base 4.95-4ubuntu2.5 eximon4 4.95-4ubuntu2.5 Ubuntu 20.04 LTS: exim4 4.93-13ubuntu1.10 exim4-base 4.93-13ubuntu1.10 eximon4 4.93-13ubuntu1.10 Ubuntu 18.04 LTS (Available with Ubuntu Pro): exim4 4.90.1-1ubuntu1.10+esm3 exim4-base 4.90.1-1ubuntu1.10+esm3 eximon4 4.90.1-1ubuntu1.10+esm3 Ubuntu 16.04 LTS (Available with Ubuntu Pro): exim4 4.86.2-2ubuntu2.6+esm6 exim4-base 4.86.2-2ubuntu2.6+esm6 eximon4 4.86.2-2ubuntu2.6+esm6 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6611-1

CVE-2023-51766

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6611-1

Topics%20covered

Topics Covered

security advisory critical Ubuntu attack spoofing mail agent Exim

Package Information

https://launchpad.net/ubuntu/+source/exim4/4.96-17ubuntu2.2 https://launchpad.net/ubuntu/+source/exim4/4.95-4ubuntu2.5 https://launchpad.net/ubuntu/+source/exim4/4.93-13ubuntu1.10

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here