drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in exim
Name: |
Ausführen beliebiger Kommandos in exim |
|
ID: |
USN-3322-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 16.10, Ubuntu 17.04 |
|
Datum: |
Mo, 19. Juni 2017, 22:21 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000369 |
|
Applikationen: |
exim |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============4118231332273682327== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="4fOATkNCkEkLnUq8f8qRubkoaTQwTB1un"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --4fOATkNCkEkLnUq8f8qRubkoaTQwTB1un Content-Type: multipart/mixed; boundary="apjEkH5qcciq3ufm0V8cml5UDgXr6UE92"; protected-headers="v1" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <507d7b79-5314-5c1d-0994-68ba0924c178@canonical.com> Subject: [USN-3322-1] Exim vulnerability
--apjEkH5qcciq3ufm0V8cml5UDgXr6UE92 Content-Type: text/plain; charset=utf-8 Content-Language: en-C Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3322-1 June 19, 2017
exim4 vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04 - Ubuntu 16.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS
Summary:
Exim could be made to run programs as an administrator.
Software Description: - exim4: Exim is a mail transport agent
Details:
It was discovered that Exim did not properly deallocate memory when processing certain command line arguments. A local attacker could use this in conjunction with another vulnerability to possibly execute arbitrary code and gain administrative privileges.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.04: exim4-daemon-heavy 4.88-5ubuntu1.1 exim4-daemon-light 4.88-5ubuntu1.1
Ubuntu 16.10: exim4-daemon-heavy 4.87-3ubuntu1.2 exim4-daemon-light 4.87-3ubuntu1.2
Ubuntu 16.04 LTS: exim4-daemon-heavy 4.86.2-2ubuntu2.2 exim4-daemon-light 4.86.2-2ubuntu2.2
Ubuntu 14.04 LTS: exim4-daemon-heavy 4.82-3ubuntu2.3 exim4-daemon-light 4.82-3ubuntu2.3
In general, a standard system update will make all the necessary changes.
References: https://www.ubuntu.com/usn/usn-3322-1 CVE-2017-1000369
Package Information: https://launchpad.net/ubuntu/+source/exim4/4.88-5ubuntu1.1 https://launchpad.net/ubuntu/+source/exim4/4.87-3ubuntu1.2 https://launchpad.net/ubuntu/+source/exim4/4.86.2-2ubuntu2.2 https://launchpad.net/ubuntu/+source/exim4/4.82-3ubuntu2.3
--apjEkH5qcciq3ufm0V8cml5UDgXr6UE92--
--4fOATkNCkEkLnUq8f8qRubkoaTQwTB1un Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAEBCgAGBQJZSALhAAoJEGVp2FWnRL6TYfsP/R3YOrqjE/SL/Qj6Xty1VODs edRE7XtkAvzp1Wuh12zoTNdRmmhwkWAax7lGQJpwPwhv/YMEji5slVZ+blAeDzZU ScXyKj8NM9qMSHkDTOdeukVdRspOw6cx+g6nnSD52hqDwLOQGv4IhrpVOlvXpXB2 CDdSFDTtmewemjpN3TvdD2lsa2Sw3Jr041+outsm8GuN70aVzJO3trbA2yiXxoY6 h65mGFfhlxy6r7N/oBhNeNoZ8nIexqER+k5cy2Sp5MoP81lcjE6ly+XlC8ts0DNI s1R3nP+EubYC6tRk0oOmk6OGhBch5ExTrg5/QmjdAkM5UbMYUw5w7sxcpG55+pYV h3Htu90vuay5hY2R/vd/KhiaQwNyUsEzvwwLSSzuqnuCIIE6ViA7nRPV+XDpT4Yp Zg0jrRtErfFF6z7yGzUbb1Wj9v/wGcwHT1t2VDCavtq+otT7VuPE/Aywbi9M6C76 v1BQi0PVIRI9d8ystgZ/sbaMRB6WqHUDkn+a4D/zLqxO3ZewvcKcx7rW7v5cP2wD z6BytNnm5U8FbzVvyr0vY0oN8EE7ZEz6RAXj7Zz8HezIhAU0L/FofQxoL3VTPAac ZMp0xnwto8LJcIUxqRLCkogy5WRwKBd/ZarKbLhYB8ppll9TYKUh1indEIQzvBHW EBLITxrSyyQOFvT5Lsl3 =odWd -----END PGP SIGNATURE-----
--4fOATkNCkEkLnUq8f8qRubkoaTQwTB1un--
--===============4118231332273682327== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============4118231332273682327==--
|
|
|
|