Ubuntu 6580 Published by

An Exim security update has been released for Ubuntu Linux 14.04 LTS and 16.04 LTS.



USN-4934-2: Exim vulnerabilities


=========================================================================
Ubuntu Security Notice USN-4934-2
May 06, 2021

exim4 vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in Exim.

Software Description:
- exim4: Exim is a mail transport agent

Details:

USN-4934-1 fixed several vulnerabilities in Exim. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
CVE-2020-28026 only affected Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that Exim contained multiple security issues. An attacker
could use these issues to cause a denial of service, execute arbitrary
code remotely, obtain sensitive information, or escalate local privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
exim4-base 4.86.2-2ubuntu2.6+esm1
exim4-daemon-heavy 4.86.2-2ubuntu2.6+esm1
exim4-daemon-light 4.86.2-2ubuntu2.6+esm1

Ubuntu 14.04 ESM:
exim4-base 4.82-3ubuntu2.4+esm3
exim4-daemon-heavy 4.82-3ubuntu2.4+esm3
exim4-daemon-light 4.82-3ubuntu2.4+esm3

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4934-2
  https://ubuntu.com/security/notices/USN-4934-1
CVE-2020-28007, CVE-2020-28008, CVE-2020-28009, CVE-2020-28011,
CVE-2020-28012, CVE-2020-28013, CVE-2020-28014, CVE-2020-28015,
CVE-2020-28016, CVE-2020-28017, CVE-2020-28020, CVE-2020-28022,
CVE-2020-28024, CVE-2020-28025, CVE-2020-28026, CVE-2021-27216