Ubuntu Security Notice USN-6611-1

Ubuntu Security Notice USN-6611-1: Posted Jan 29, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6611-1 - It was discovered that Exim incorrectly handled certain requests. A remote attacker could possibly use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism.; tags | advisory, remote, spoof; systems | linux, ubuntu; advisories | CVE-2023-51766; SHA-256 | b33d9594531fb5ded7e43cda39e1b8b5720e24099cccb39fd5e09998a9663739; Download | Favorite | View

Ubuntu Security Notice USN-6611-1

==========================================================================
Ubuntu Security Notice USN-6611-1
January 29, 2024

exim4 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Exim could be made to bypass an SPF protection mechanism if it received
a specially crafted request.

Software Description:
- exim4: Exim is a mail transport agent

Details:

It was discovered that Exim incorrectly handled certain requests.
A remote attacker could possibly use a published exploitation technique
to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass
of an SPF protection mechanism.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
  exim4                           4.96-17ubuntu2.2
  exim4-base                      4.96-17ubuntu2.2
  eximon4                         4.96-17ubuntu2.2

Ubuntu 22.04 LTS:
  exim4                           4.95-4ubuntu2.5
  exim4-base                      4.95-4ubuntu2.5
  eximon4                         4.95-4ubuntu2.5

Ubuntu 20.04 LTS:
  exim4                           4.93-13ubuntu1.10
  exim4-base                      4.93-13ubuntu1.10
  eximon4                         4.93-13ubuntu1.10

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  exim4                           4.90.1-1ubuntu1.10+esm3
  exim4-base                      4.90.1-1ubuntu1.10+esm3
  eximon4                         4.90.1-1ubuntu1.10+esm3

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  exim4                           4.86.2-2ubuntu2.6+esm6
  exim4-base                      4.86.2-2ubuntu2.6+esm6
  eximon4                         4.86.2-2ubuntu2.6+esm6

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6611-1
  CVE-2023-51766

Package Information:
  https://launchpad.net/ubuntu/+source/exim4/4.96-17ubuntu2.2
  https://launchpad.net/ubuntu/+source/exim4/4.95-4ubuntu2.5
  https://launchpad.net/ubuntu/+source/exim4/4.93-13ubuntu1.10

Top Authors In Last 30 Days

Red Hat 300 files
Ubuntu 63 files
Debian 20 files
LiquidWorm 19 files
Apple 9 files
Gentoo 5 files
Google Security Research 4 files
Alter Prime 3 files
Chokri Hammedi 3 files
nu11secur1ty 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,928)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,326)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,981)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

Ubuntu Security Notice USN-6611-1

Ubuntu Security Notice USN-6611-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice USN-6611-1

Share This

Ubuntu Security Notice USN-6611-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems