Ubuntu Security Notice USN-6611-1

Ubuntu Security Notice USN-6611-1: Posted Jan 29, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6611-1 - It was discovered that Exim incorrectly handled certain requests. A remote attacker could possibly use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism.; tags | advisory, remote, spoof; systems | linux, ubuntu; advisories | CVE-2023-51766; SHA-256 | b33d9594531fb5ded7e43cda39e1b8b5720e24099cccb39fd5e09998a9663739; Download | Favorite | View

Ubuntu Security Notice USN-6611-1

==========================================================================
Ubuntu Security Notice USN-6611-1
January 29, 2024

exim4 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Exim could be made to bypass an SPF protection mechanism if it received
a specially crafted request.

Software Description:
- exim4: Exim is a mail transport agent

Details:

It was discovered that Exim incorrectly handled certain requests.
A remote attacker could possibly use a published exploitation technique
to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass
of an SPF protection mechanism.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
  exim4                           4.96-17ubuntu2.2
  exim4-base                      4.96-17ubuntu2.2
  eximon4                         4.96-17ubuntu2.2

Ubuntu 22.04 LTS:
  exim4                           4.95-4ubuntu2.5
  exim4-base                      4.95-4ubuntu2.5
  eximon4                         4.95-4ubuntu2.5

Ubuntu 20.04 LTS:
  exim4                           4.93-13ubuntu1.10
  exim4-base                      4.93-13ubuntu1.10
  eximon4                         4.93-13ubuntu1.10

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  exim4                           4.90.1-1ubuntu1.10+esm3
  exim4-base                      4.90.1-1ubuntu1.10+esm3
  eximon4                         4.90.1-1ubuntu1.10+esm3

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  exim4                           4.86.2-2ubuntu2.6+esm6
  exim4-base                      4.86.2-2ubuntu2.6+esm6
  eximon4                         4.86.2-2ubuntu2.6+esm6

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6611-1
  CVE-2023-51766

Package Information:
  https://launchpad.net/ubuntu/+source/exim4/4.96-17ubuntu2.2
  https://launchpad.net/ubuntu/+source/exim4/4.95-4ubuntu2.5
  https://launchpad.net/ubuntu/+source/exim4/4.93-13ubuntu1.10

Top Authors In Last 30 Days

Red Hat 225 files
indoushka 116 files
Ubuntu 84 files
Gentoo 36 files
Jasper Nota 25 files
Debian 19 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Apple 9 files
Martijn Baalman 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,101)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,815)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,569)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,756)
UNIX (9,438)
UnixWare (187)
Windows (6,674)
Other

Ubuntu Security Notice USN-6611-1

Ubuntu Security Notice USN-6611-1

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice USN-6611-1

Share This

Ubuntu Security Notice USN-6611-1

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems