USN-6939-1: Exim vulnerability

Releases

• Ubuntu 24.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 20.04 LTS
• Ubuntu 18.04 ESM
• Ubuntu 16.04 ESM

Packages

• exim4 - Exim is a mail transport agent

Details

Phillip Szelat discovered that Exim misparses multiline MIME header
filenames. A remote attacker could use this issue to bypass a MIME filename
extension-blocking protection mechanism and possibly deliver executable
attachments to the mailboxes of end users.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.04

• exim4 - 4.97-4ubuntu4.1
• exim4-base - 4.97-4ubuntu4.1
• eximon4 - 4.97-4ubuntu4.1

Ubuntu 22.04

• exim4 - 4.95-4ubuntu2.6
• exim4-base - 4.95-4ubuntu2.6
• eximon4 - 4.95-4ubuntu2.6

Ubuntu 20.04

• exim4 - 4.93-13ubuntu1.12
• exim4-base - 4.93-13ubuntu1.12
• eximon4 - 4.93-13ubuntu1.12

Ubuntu 18.04

• exim4 - 4.90.1-1ubuntu1.10+esm5
  Available with Ubuntu Pro
• exim4-base - 4.90.1-1ubuntu1.10+esm5
  Available with Ubuntu Pro
• eximon4 - 4.90.1-1ubuntu1.10+esm5
  Available with Ubuntu Pro

Ubuntu 16.04

• exim4 - 4.86.2-2ubuntu2.6+esm8
  Available with Ubuntu Pro
• exim4-base - 4.86.2-2ubuntu2.6+esm8
  Available with Ubuntu Pro
• eximon4 - 4.86.2-2ubuntu2.6+esm8
  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

• CVE-2024-39929