Exim could be made to bypass a MIME filename extension-blocking
protection mechanism if it received specially crafted input.
Software Description:
- exim4: Exim is a mail transport agent
Details:
Phillip Szelat discovered that Exim misparses multiline MIME header
filenames. A remote attacker could use this issue to bypass a MIME filename
extension-blocking protection mechanism and possibly deliver executable
attachments to the mailboxes of end users.
The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS exim4 4.97-4ubuntu4.1 exim4-base 4.97-4ubuntu4.1 eximon4 4.97-4ubuntu4.1 Ubuntu 22.04 LTS exim4 4.95-4ubuntu2.6 exim4-base 4.95-4ubuntu2.6 eximon4 4.95-4ubuntu2.6 Ubuntu 20.04 LTS exim4 4.93-13ubuntu1.12 exim4-base 4.93-13ubuntu1.12 eximon4 4.93-13ubuntu1.12 Ubuntu 18.04 LTS exim4 4.90.1-1ubuntu1.10+esm5 Available with Ubuntu Pro exim4-base 4.90.1-1ubuntu1.10+esm5 Available with Ubuntu Pro eximon4 4.90.1-1ubuntu1.10+esm5 Available with Ubuntu Pro Ubuntu 16.04 LTS exim4 4.86.2-2ubuntu2.6+esm8 Available with Ubuntu Pro exim4-base 4.86.2-2ubuntu2.6+esm8 Available with Ubuntu Pro eximon4 4.86.2-2ubuntu2.6+esm8 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-6939-1
CVE-2024-39929
Get the latest Linux and open source security news straight to your inbox.