[USN-4934-2] Exim vulnerabilities

Leonidas S. Barbosa leo.barbosa at canonical.com
Thu May 6 11:58:09 UTC 2021 

==========================================================================
Ubuntu Security Notice USN-4934-2
May 06, 2021

exim4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in Exim.

Software Description:
- exim4: Exim is a mail transport agent

Details:

USN-4934-1 fixed several vulnerabilities in Exim. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
CVE-2020-28026 only affected Ubuntu 16.04 ESM.

Original advisory details:

 It was discovered that Exim contained multiple security issues. An attacker
 could use these issues to cause a denial of service, execute arbitrary
 code remotely, obtain sensitive information, or escalate local privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  exim4-base                      4.86.2-2ubuntu2.6+esm1
  exim4-daemon-heavy              4.86.2-2ubuntu2.6+esm1
  exim4-daemon-light              4.86.2-2ubuntu2.6+esm1

Ubuntu 14.04 ESM:
  exim4-base                      4.82-3ubuntu2.4+esm3
  exim4-daemon-heavy              4.82-3ubuntu2.4+esm3
  exim4-daemon-light              4.82-3ubuntu2.4+esm3

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4934-2
  https://ubuntu.com/security/notices/USN-4934-1
  CVE-2020-28007, CVE-2020-28008, CVE-2020-28009, CVE-2020-28011,
  CVE-2020-28012, CVE-2020-28013, CVE-2020-28014, CVE-2020-28015,
  CVE-2020-28016, CVE-2020-28017, CVE-2020-28020, CVE-2020-28022,
  CVE-2020-28024, CVE-2020-28025, CVE-2020-28026, CVE-2021-27216
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20210506/1acf32d6/attachment.sig>

More information about the ubuntu-security-announce mailing list