You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa exim4

Sigurnosni nedostatak programskog paketa exim4

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-3493-1
November 27, 2017

exim4 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 17.10
– Ubuntu 17.04

Summary:

Exim could be made to crash or run programs if it received specially
crafted network traffic.

Software Description:
– exim4: Exim is a mail transport agent

Details:

It was discovered that Exim incorrectly handled memory in the ESMTP
CHUNKING extension. A remote attacker could use this issue to cause Exim to
crash, resulting in a denial of service, or possibly execute arbitrary
code. The default compiler options for affected releases should reduce the
vulnerability to a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
exim4-daemon-heavy 4.89-5ubuntu1.1
exim4-daemon-light 4.89-5ubuntu1.1

Ubuntu 17.04:
exim4-daemon-heavy 4.88-5ubuntu1.2
exim4-daemon-light 4.88-5ubuntu1.2

In general, a standard system update will make all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3493-1
CVE-2017-16943

Package Information:
https://launchpad.net/ubuntu/+source/exim4/4.89-5ubuntu1.1
https://launchpad.net/ubuntu/+source/exim4/4.88-5ubuntu1.2

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAEBCgAGBQJaHGsWAAoJEGVp2FWnRL6TWQsP/i4rCjSivcXk1KVjQ4UttO5g
IpAcq0UB/7g8wvZAEAUXzaI9iis8+K8/R/vQ8U3g5CianF2oAp+gbECykxaolYcN
/Qxmm38I9pTMZI0Djd50y+oFeXLN1AC3B+uRTv0Y+2xB6nMK7ct7uOHZYHJtq6bI
J40YOzTSYYD+TkjnTM3fJ1livSTyu+yq92+A860eu+R0LGJ5gSBRwSxGTmFBzD//
5jOcbMLeXAXXz+/ibumuKl4JFhgEiIDesKySKvKV4x58xcYHgPOYsdJF6YyBPX2P
hTsjPJkTpdI0J1vxoSyXQVUF4A2HzVy05U21QRm/T2ogsbnVmfGnpwPQYP10tmhb
Wm1ZJiKH5ozWmN8lE7orEjBxyVabO1eAgtju1aHsxEBpPRcJoktXIzLzs7Mse6kG
cNoEYdfCQnxqFeXEfphWxdR4dJUvlzviZESyt68Q2Kg4VxQI3G0dIfCSCGM+H5Gv
8IPzCxx0HtJCTqiXcwcYNr5REjLVBkG3+PNC8r+LvaWlolAp+4aqhuVrGvNJLT1W
gOiICoY0fytnuTohdtmb4hvUhPyVAKVWuR2CP1884ltu/g4DzHsZz5HIYhXKNtnW
61uLgKa1JsPuZiy9C26q7Zf8XGgUfXEZBZvQIIPL+EOjRiAiFxxyeQCs1a+O8fDO
plGsSq98wi7Fh9yiLSSW
=nfHn
—–END PGP SIGNATURE—–

AutorVlatka Misic
Cert idNCERT-REF-2017-11-0175-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke libxml-perl

Otkriven je sigurnosni nedostatak u programskoj biblioteci libxml-perl za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim napadačima omogućuje izvršavanje proizvoljnog programskog...

Close