Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Ubuntu 24.04 LTS USN-6790-1 Critical Amavisd-New Bypass Issue

ubuntu
Calendar Grey May 28, 2024
Dist Ubuntu Esm H88
Critical flaw in Amavisd-new lets users evade malware scans on Ubuntu systems. Swift update necessary to bolster security protocols.
amavisd-new could be made to bypass security measures.

Summary

amavisd-new could be made to bypass security measures.

Software Description:

- amavisd-new: Interface between MTA and virus scanner/content filters

Details:

It was discovered that amavisd-new incorrectly handled certain MIME email

messages with multiple boundary parameters. A remote attacker could

possibly use this issue to bypass checks for banned files or malware.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   amavisd-new                     1:2.13.0-3ubuntu2

Ubuntu 23.10
   amavisd-new                     1:2.13.0-3ubuntu1.1

Ubuntu 22.04 LTS
   amavisd-new                     1:2.12.2-1ubuntu1.1

Ubuntu 20.04 LTS
   amavisd-new                     1:2.11.0-6.1ubuntu1.1

After a standard system update you need to reboot your computer to make all
the necessary changes.

References

https://ubuntu.com/security/notices/USN-6790-1

CVE-2024-28054

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6790-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here