You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa exim4

Sigurnosni nedostatak programskog paketa exim4

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-3322-1
June 19, 2017

exim4 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 17.04
– Ubuntu 16.10
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

Exim could be made to run programs as an administrator.

Software Description:
– exim4: Exim is a mail transport agent

Details:

It was discovered that Exim did not properly deallocate memory when
processing certain command line arguments. A local attacker could use this
in conjunction with another vulnerability to possibly execute arbitrary
code and gain administrative privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
exim4-daemon-heavy 4.88-5ubuntu1.1
exim4-daemon-light 4.88-5ubuntu1.1

Ubuntu 16.10:
exim4-daemon-heavy 4.87-3ubuntu1.2
exim4-daemon-light 4.87-3ubuntu1.2

Ubuntu 16.04 LTS:
exim4-daemon-heavy 4.86.2-2ubuntu2.2
exim4-daemon-light 4.86.2-2ubuntu2.2

Ubuntu 14.04 LTS:
exim4-daemon-heavy 4.82-3ubuntu2.3
exim4-daemon-light 4.82-3ubuntu2.3

In general, a standard system update will make all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3322-1
CVE-2017-1000369

Package Information:
https://launchpad.net/ubuntu/+source/exim4/4.88-5ubuntu1.1
https://launchpad.net/ubuntu/+source/exim4/4.87-3ubuntu1.2
https://launchpad.net/ubuntu/+source/exim4/4.86.2-2ubuntu2.2
https://launchpad.net/ubuntu/+source/exim4/4.82-3ubuntu2.3

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAEBCgAGBQJZSALhAAoJEGVp2FWnRL6TYfsP/R3YOrqjE/SL/Qj6Xty1VODs
edRE7XtkAvzp1Wuh12zoTNdRmmhwkWAax7lGQJpwPwhv/YMEji5slVZ+blAeDzZU
ScXyKj8NM9qMSHkDTOdeukVdRspOw6cx+g6nnSD52hqDwLOQGv4IhrpVOlvXpXB2
CDdSFDTtmewemjpN3TvdD2lsa2Sw3Jr041+outsm8GuN70aVzJO3trbA2yiXxoY6
h65mGFfhlxy6r7N/oBhNeNoZ8nIexqER+k5cy2Sp5MoP81lcjE6ly+XlC8ts0DNI
s1R3nP+EubYC6tRk0oOmk6OGhBch5ExTrg5/QmjdAkM5UbMYUw5w7sxcpG55+pYV
h3Htu90vuay5hY2R/vd/KhiaQwNyUsEzvwwLSSzuqnuCIIE6ViA7nRPV+XDpT4Yp
Zg0jrRtErfFF6z7yGzUbb1Wj9v/wGcwHT1t2VDCavtq+otT7VuPE/Aywbi9M6C76
v1BQi0PVIRI9d8ystgZ/sbaMRB6WqHUDkn+a4D/zLqxO3ZewvcKcx7rW7v5cP2wD
z6BytNnm5U8FbzVvyr0vY0oN8EE7ZEz6RAXj7Zz8HezIhAU0L/FofQxoL3VTPAac
ZMp0xnwto8LJcIUxqRLCkogy5WRwKBd/ZarKbLhYB8ppll9TYKUh1indEIQzvBHW
EBLITxrSyyQOFvT5Lsl3
=odWd
—–END PGP SIGNATURE—–

AutorDanijel Kozinovic
Cert idNCERT-REF-2017-06-0112-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke libffi

Otkriven je sigurnosni nedostatak u programskom paketu libffi. Otkriveni nedostatak potencijalnim napadačima omogućuje izvršavanje proizvoljnog programskog koda. Savjetuje se ažuriranje...

Close