<!DOCTYPE html>
<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <div class="im">==============================<wbr>==============================<wbr>==============<br>
      Ubuntu Security Notice USN-6881-1<br>
      July 08, 2024<br>
      <br>
      exim4 vulnerability<br>
      ==============================<wbr>==============================<wbr>==============<br>
      <br>
      A security issue affects these releases of Ubuntu and its
      derivatives:<br>
      <br>
      - Ubuntu 20.04 LTS<br>
      - Ubuntu 18.04 LTS<br>
      - Ubuntu 16.04 LTS<br>
      - Ubuntu 14.04 LTS<br>
      <br>
      Summary:<br>
      <br>
      Exim could be made to allow response injection if it received a
      specially<br>
      crafted response.<br>
      <br>
      Software Description:<br>
      - exim4: Exim is a mail transport agent<br>
      <br>
      Details:<br>
      <br>
      It was discovered that Exim did not enforce STARTTLS sync point on
      client<br>
      side. An attacker could possibly use this issue to perform
      response<br>
      injection during MTA SMTP sending.<br>
      <br>
      Update instructions:<br>
      <br>
      The problem can be corrected by updating your system to the
      following<br>
      package versions:<br>
      <br>
      Ubuntu 20.04 LTS<br>
        exim4                           4.93-13ubuntu1.11<br>
        exim4-base                      4.93-13ubuntu1.11<br>
    </div>
    <span class="im HOEnZb">   eximon4                       
       4.93-13ubuntu1.11<br>
      <br>
      Ubuntu 18.04 LTS<br>
        exim4                           4.90.1-1ubuntu1.10+esm4<br>
                                        Available with Ubuntu Pro<br>
        exim4-base                      4.90.1-1ubuntu1.10+esm4<br>
                                        Available with Ubuntu Pro<br>
        eximon4                         4.90.1-1ubuntu1.10+esm4<br>
                                        Available with Ubuntu Pro<br>
      <br>
      Ubuntu 16.04 LTS<br>
        exim4                           4.86.2-2ubuntu2.6+esm7<br>
                                        Available with Ubuntu Pro<br>
        exim4-base                      4.86.2-2ubuntu2.6+esm7<br>
                                        Available with Ubuntu Pro<br>
        eximon4                         4.86.2-2ubuntu2.6+esm7<br>
                                        Available with Ubuntu Pro<br>
      <br>
      Ubuntu 14.04 LTS<br>
        exim4                           4.82-3ubuntu2.4+esm8<br>
                                        Available with Ubuntu Pro<br>
        exim4-base                      4.82-3ubuntu2.4+esm8<br>
                                        Available with Ubuntu Pro<br>
    </span>
    <div class="adm"></div>
      eximon4                         4.82-3ubuntu2.4+esm8<br>
                                      Available with Ubuntu Pro<br>
    <br>
    In general, a standard system update will make all the necessary
    changes.<br>
    <br>
    References:<br>
      <a href="https://ubuntu.com/security/notices/USN-6881-1"
      rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://ubuntu.com/security/notices/USN-6881-1&source=gmail&ust=1720664616827000&usg=AOvVaw3cNa6z16ACRM79e2f3ixzg">https://ubuntu.com/security/no<wbr>tices/USN-6881-1</a><br>
      CVE-2021-38371<br>
    <br>
    Package Information:<br>
      <a
href="https://launchpad.net/ubuntu/+source/exim4/4.93-13ubuntu1.11"
      rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://launchpad.net/ubuntu/%2Bsource/exim4/4.93-13ubuntu1.11&source=gmail&ust=1720664616827000&usg=AOvVaw3GHGHznnHcBvCJj3SvB9Zd">https://launchpad.net/ubuntu/+<wbr>source/exim4/4.93-13ubuntu1.11</a>
    <p></p>
  </body>
</html>