Your submission was sent successfully! Close

USN-4520-1: Exim SpamAssassin vulnerability

18 September 2020

Exim SpamAssassin could be made to execute aribitrary code if it received crafted .cf files/rules.



  • sa-exim - SpamAssassin filter for Exim


It was discovered that Exim SpamAssassin does not properly handle
configuration strings. An attacker could possibly use this issue to execute
arbitrary code. (CVE-2019-19920)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04

In general, a standard system update will make all the necessary changes.