USN-4934-2: Exim vulnerabilities
=========================================================================
Ubuntu Security Notice USN-4934-2
May 06, 2021
exim4 vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in Exim.
Software Description:
- exim4: Exim is a mail transport agent
Details:
USN-4934-1 fixed several vulnerabilities in Exim. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
CVE-2020-28026 only affected Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that Exim contained multiple security issues. An attacker
could use these issues to cause a denial of service, execute arbitrary
code remotely, obtain sensitive information, or escalate local privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 ESM:
exim4-base 4.86.2-2ubuntu2.6+esm1
exim4-daemon-heavy 4.86.2-2ubuntu2.6+esm1
exim4-daemon-light 4.86.2-2ubuntu2.6+esm1
Ubuntu 14.04 ESM:
exim4-base 4.82-3ubuntu2.4+esm3
exim4-daemon-heavy 4.82-3ubuntu2.4+esm3
exim4-daemon-light 4.82-3ubuntu2.4+esm3
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-4934-2
https://ubuntu.com/security/notices/USN-4934-1
CVE-2020-28007, CVE-2020-28008, CVE-2020-28009, CVE-2020-28011,
CVE-2020-28012, CVE-2020-28013, CVE-2020-28014, CVE-2020-28015,
CVE-2020-28016, CVE-2020-28017, CVE-2020-28020, CVE-2020-28022,
CVE-2020-28024, CVE-2020-28025, CVE-2020-28026, CVE-2021-27216
An Exim security update has been released for Ubuntu Linux 14.04 LTS and 16.04 LTS.