[USN-4934-1] Exim vulnerabilities

Marc Deslauriers marc.deslauriers at canonical.com
Tue May 4 14:45:59 UTC 2021


==========================================================================
Ubuntu Security Notice USN-4934-1
May 04, 2021

exim4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.04
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Exim.

Software Description:
- exim4: Exim is a mail transport agent

Details:

It was discovered that Exim contained multiple security issues. An attacker
could use these issues to cause a denial of service, execute arbitrary
code remotely, obtain sensitive information, or escalate local privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.04:
  exim4-base                      4.94-15ubuntu1.2
  exim4-daemon-heavy              4.94-15ubuntu1.2
  exim4-daemon-light              4.94-15ubuntu1.2

Ubuntu 20.10:
  exim4-base                      4.94-7ubuntu1.2
  exim4-daemon-heavy              4.94-7ubuntu1.2
  exim4-daemon-light              4.94-7ubuntu1.2

Ubuntu 20.04 LTS:
  exim4-base                      4.93-13ubuntu1.5
  exim4-daemon-heavy              4.93-13ubuntu1.5
  exim4-daemon-light              4.93-13ubuntu1.5

Ubuntu 18.04 LTS:
  exim4-base                      4.90.1-1ubuntu1.8
  exim4-daemon-heavy              4.90.1-1ubuntu1.8
  exim4-daemon-light              4.90.1-1ubuntu1.8

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4934-1
  CVE-2020-28007, CVE-2020-28008, CVE-2020-28009, CVE-2020-28010,
  CVE-2020-28011, CVE-2020-28012, CVE-2020-28013, CVE-2020-28014,
  CVE-2020-28015, CVE-2020-28016, CVE-2020-28017, CVE-2020-28018,
  CVE-2020-28019, CVE-2020-28020, CVE-2020-28021, CVE-2020-28022,
  CVE-2020-28023, CVE-2020-28024, CVE-2020-28025, CVE-2020-28026,
  CVE-2021-27216

Package Information:
  https://launchpad.net/ubuntu/+source/exim4/4.94-15ubuntu1.2
  https://launchpad.net/ubuntu/+source/exim4/4.94-7ubuntu1.2
  https://launchpad.net/ubuntu/+source/exim4/4.93-13ubuntu1.5
  https://launchpad.net/ubuntu/+source/exim4/4.90.1-1ubuntu1.8

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20210504/eda4d9f4/attachment.sig>


More information about the ubuntu-security-announce mailing list