Exim could be made to allow response injection if it received a specially
crafted response.
Software Description:
- exim4: Exim is a mail transport agent
Details:
It was discovered that Exim did not enforce the STARTTLS sync point on the
client side. An attacker could possibly use this issue to perform response
injection during MTA SMTP sending.
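
The sync point described above, as an added example (not Exim's code and not part of the original notice): a sending client must have no plaintext bytes left in its read buffer after the server's reply to STARTTLS before it starts the TLS handshake. The function names and sample buffers are hypothetical and constructed for illustration.

```python
import re

# One SMTP reply line: 3-digit code, "-" (more lines follow) or " " (last line), text, CRLF.
REPLY_LINE = re.compile(rb"(\d{3})([ -])[^\r\n]*\r\n")

class SyncError(Exception):
    """Plaintext data was buffered past the STARTTLS reply."""

def split_reply(buf):
    """Return (code, leftover) for the first complete reply in buf, else None."""
    pos = 0
    while True:
        m = REPLY_LINE.match(buf, pos)
        if m is None:
            return None                      # reply not complete yet
        pos = m.end()
        if m.group(2) == b" ":               # final line of the reply
            return int(m.group(1)), buf[pos:]

def check_starttls_sync(buf):
    """buf: every plaintext byte read since STARTTLS was sent.

    Returns the reply code once exactly one complete reply is buffered,
    None if more data is needed, and raises SyncError if anything follows
    the reply: those bytes arrived before TLS and are unauthenticated.
    """
    parsed = split_reply(buf)
    if parsed is None:
        return None
    code, leftover = parsed
    if leftover:
        raise SyncError(f"{len(leftover)} plaintext bytes after STARTTLS reply")
    return code

# Constructed sample buffers (not captured traffic).
CLEAN = b"220 2.0.0 Ready to start TLS\r\n"
MULTILINE = b"220-mx.example.test\r\n220 Ready to start TLS\r\n"
PARTIAL = b"220 2.0.0 Ready to st"
PIPELINED = CLEAN + b"250 2.1.0 Sender OK\r\n"

if __name__ == "__main__":
    for name, buf in [("clean", CLEAN), ("multiline", MULTILINE),
                      ("partial", PARTIAL), ("pipelined", PIPELINED)]:
        try:
            print(name, "->", check_starttls_sync(buf))
        except SyncError as exc:
            print(name, "-> abort before TLS handshake:", exc)
```

A client that skips this check and keeps the leftover bytes would read them as server replies after the handshake, even though they were never protected by TLS.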
The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  exim4 4.93-13ubuntu1.11
  exim4-base 4.93-13ubuntu1.11
  eximon4 4.93-13ubuntu1.11

Ubuntu 18.04 LTS
  exim4 4.90.1-1ubuntu1.10+esm4 (Available with Ubuntu Pro)
  exim4-base 4.90.1-1ubuntu1.10+esm4 (Available with Ubuntu Pro)
  eximon4 4.90.1-1ubuntu1.10+esm4 (Available with Ubuntu Pro)

Ubuntu 16.04 LTS
  exim4 4.86.2-2ubuntu2.6+esm7 (Available with Ubuntu Pro)
  exim4-base 4.86.2-2ubuntu2.6+esm7 (Available with Ubuntu Pro)
  eximon4 4.86.2-2ubuntu2.6+esm7 (Available with Ubuntu Pro)

Ubuntu 14.04 LTS
  exim4 4.82-3ubuntu2.4+esm8 (Available with Ubuntu Pro)
  exim4-base 4.82-3ubuntu2.4+esm8 (Available with Ubuntu Pro)
  eximon4 4.82-3ubuntu2.4+esm8 (Available with Ubuntu Pro)

In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-6881-1
CVE-2021-38371