Critical Exim RCE, Info Disclosure Bugs Fixed
Three critical security vulnerabilities have been discovered in the widely used Exim open-source mail transfer agent (MTA): an NTLM challenge out-of-bounds read information disclosure bug (CVE-2023-42114), an AUTH out-of-bounds write remote code execution (RCE) vulnerability (CVE-2023-42115), and an SMTP challenge stack-based buffer overflow RCE flaw (CVE-2023-42116).
These issues could result in malware execution, system compromise, and information disclosure on impacted systems.
An essential update for Exim has been released to fix these critical issues. We strongly recommend that all affected users apply the updates released by Debian, Debian LTS, openSUSE, and Ubuntu now to protect their critical systems and sensitive data against attacks leading to compromise.
To stay on top of essential updates released by the open-source programs and applications you use, register as a LinuxSecurity user, subscribe to our Linux Advisory Watch newsletter, and customize your advisories for your distro(s). This will enable you to stay up-to-date on the latest, most significant issues impacting the security of your systems.
Follow @LS_Advisories on Twitter for real-time updates on advisories for your distro(s).