<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="im">==========================================================================<br>
Ubuntu Security Notice USN-6881-1<br>
July 08, 2024<br>
<br>
exim4 vulnerability<br>
==========================================================================<br>
<br>
A security issue affects these releases of Ubuntu and its
derivatives:<br>
<br>
- Ubuntu 20.04 LTS<br>
- Ubuntu 18.04 LTS<br>
- Ubuntu 16.04 LTS<br>
- Ubuntu 14.04 LTS<br>
<br>
Summary:<br>
<br>
Exim could be made to allow response injection if it received a specially
crafted response.<br>
<br>
Software Description:<br>
- exim4: Exim is a mail transport agent<br>
<br>
Details:<br>
<br>
It was discovered that Exim did not enforce the STARTTLS sync point on the
client side. An attacker could possibly use this issue to perform response
injection during MTA SMTP sending.<br>
<br>
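The check described under Details, as an added example (not Exim's or Ubuntu's code): an SMTP client parses the reply to STARTTLS and refuses to begin the TLS handshake if cleartext bytes are already buffered past the end of a 220 reply. The function names and sample buffers are constructed for illustration.<br>

```python
"""Client-side STARTTLS sync-point check (illustrative, not Exim's code)."""


class SyncError(Exception):
    """Cleartext bytes were buffered past the end of the STARTTLS reply."""


def split_reply(buf):
    """Split one complete SMTP reply off the front of buf.

    Returns (code, reply_lines, leftover). A reply is one or more
    CRLF-terminated lines: continuation lines start 'NNN-', the final
    line starts 'NNN ' (RFC 5321 reply syntax).
    """
    lines, pos = [], 0
    while True:
        end = buf.find(b"\r\n", pos)
        if end == -1:
            raise ValueError("incomplete reply")
        line = buf[pos:end]
        pos = end + 2
        if len(line) not in range(3, 513) or not line[:3].isdigit():
            raise ValueError("malformed reply line")
        lines.append(line)
        if line[3:4] != b"-":  # 'NNN ' or a bare 'NNN' ends the reply
            return int(line[:3]), lines, buf[pos:]


def check_starttls_sync(buf):
    """Return the reply code, or raise if data trails a 220 reply.

    buf is everything read in cleartext after sending STARTTLS. Bytes
    left over after '220' would otherwise be processed as if they had
    arrived inside the TLS session, so the client must stop here.
    """
    code, _, leftover = split_reply(buf)
    if code == 220 and leftover:
        raise SyncError("%d cleartext byte(s) after STARTTLS reply" % len(leftover))
    return code


# Constructed sample buffers (not captured traffic).
CLEAN = b"220 2.0.0 Ready to start TLS\r\n"
MULTILINE = b"220-mx.example.test\r\n220 go ahead\r\n"
TRAILING = b"220 Ready to start TLS\r\nEXTRA\r\n"
REFUSED = b"454 TLS not available\r\n"
```
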
Update instructions:<br>
<br>
The problem can be corrected by updating your system to the following
package versions:<br>
<br>
Ubuntu 20.04 LTS<br>
exim4 4.93-13ubuntu1.11<br>
exim4-base 4.93-13ubuntu1.11<br>
</div>
<span class="im HOEnZb"> eximon4 4.93-13ubuntu1.11<br>
<br>
Ubuntu 18.04 LTS<br>
exim4 4.90.1-1ubuntu1.10+esm4<br>
Available with Ubuntu Pro<br>
exim4-base 4.90.1-1ubuntu1.10+esm4<br>
Available with Ubuntu Pro<br>
eximon4 4.90.1-1ubuntu1.10+esm4<br>
Available with Ubuntu Pro<br>
<br>
Ubuntu 16.04 LTS<br>
exim4 4.86.2-2ubuntu2.6+esm7<br>
Available with Ubuntu Pro<br>
exim4-base 4.86.2-2ubuntu2.6+esm7<br>
Available with Ubuntu Pro<br>
eximon4 4.86.2-2ubuntu2.6+esm7<br>
Available with Ubuntu Pro<br>
<br>
Ubuntu 14.04 LTS<br>
exim4 4.82-3ubuntu2.4+esm8<br>
Available with Ubuntu Pro<br>
exim4-base 4.82-3ubuntu2.4+esm8<br>
Available with Ubuntu Pro<br>
</span>
eximon4 4.82-3ubuntu2.4+esm8<br>
Available with Ubuntu Pro<br>
<br>
In general, a standard system update will make all the necessary
changes.<br>
<br>
References:<br>
<a href="https://ubuntu.com/security/notices/USN-6881-1"
rel="noreferrer" target="_blank">https://ubuntu.com/security/notices/USN-6881-1</a><br>
CVE-2021-38371<br>
<br>
Package Information:<br>
<a
href="https://launchpad.net/ubuntu/+source/exim4/4.93-13ubuntu1.11"
rel="noreferrer" target="_blank">https://launchpad.net/ubuntu/+source/exim4/4.93-13ubuntu1.11</a>
</body>
</html>