You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa Exim-SpamAssassin

Sigurnosni nedostatak programskog paketa Exim-SpamAssassin

==========================================================================
Ubuntu Security Notice USN-4520-1
September 18, 2020

sa-exim vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS

Summary:

Exim SpamAssassin could be made to execute aribitrary code if it
received crafted .cf files/rules.

Software Description:
– sa-exim: SpamAssassin filter for Exim

Details:

It was discovered that Exim SpamAssassin does not properly handle
configuration strings. An attacker could possibly use this issue to
execute arbitrary code. (CVE-2019-19920)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
sa-exim 4.2.1-14+deb8u1build0.16.04.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4520-1
CVE-2019-19920

Package Information:
https://launchpad.net/ubuntu/+source/sa-exim/4.2.1-14+deb8u1build0.16.04.1

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEE7MowLJorxPNkyBZZW+PTAFZKyRgFAl9lSfQACgkQW+PTAFZK
yRgrLBAAxwoaEX4McKCS0X6tAn/+bhQJJLZpZoR+2rUXTHrovBnCe/fHfVpjDsr4
8lgDgkk1ztKnmRHKo8AUYDcUeAW2Vg/hPAGp/023CEYzIoJ3lIaLXaBLNc91sCaH
uVb99L0tZre3lH6g69H6J4ZEvVrDnXgp3kYXlVr1eX6xZPAHInzxrOuW1tNi/IDs
AHAWzHtDinSLD2l4ew+mKQGGbjkXhfdArDvNxyBDo+IFoyjhrB/rEqLzvsgAZlu0
11nj9k/gSnSbWaKi8fENpeBtfFxkcmE4j0HEFakQ6Z4yGq428MRmIBamF9XvGK7W
sEBWmj5YtKATDM0yzmcLSADiZJ8edb22Rne+WmmHd0/KqV6SXBeBT7RGl2seQQ+C
KknAZM+c+TtvHrVPOxqZGAIWNzo8XeoNRktEFs+Ul4Mc4bKXF3e/SktiodqFDD0B
54QUYjh7H7U3h3h7/Y51sjhdJQhvVAksXxXnwdqwn5QIR5F/evm7F7cciQu0nM5N
8FO/FpHXGnRqJC/yoI/g7JNps/oOxJYax5hm4jCKite9YeAG9U/yuDmKqo8qMKUs
whmbc+TajLhwhqbxdOW9E/GFJxSa2icCf+lSnCe30Az1vgmDZ4SbGP6MJf61YE9E
tKthtnmyMwiREtB02clQQyBZgpFUvquljCs/5c6CByvPUzRM/tQ=
=oUOo
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci programske biblioteke libqt4

Otkriveni su sigurnosni nedostaci programske biblioteke libqt4 za operacijski sustav openSUSE. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja ili...

Close