Critical: exim

2019-10-18T23:22:00
ID ALAS-2019-1310
Type amazon
Reporter Amazon
Modified 2019-10-18T23:22:00

Description

Issue Overview:

Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846 __. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.(CVE-2019-16928 __)

Affected Packages:

exim

Issue Correction:
Run yum update exim to update your system.

New Packages:

i686:  
    exim-pgsql-4.92-1.25.amzn1.i686  
    exim-4.92-1.25.amzn1.i686  
    exim-debuginfo-4.92-1.25.amzn1.i686  
    exim-greylist-4.92-1.25.amzn1.i686  
    exim-mon-4.92-1.25.amzn1.i686  
    exim-mysql-4.92-1.25.amzn1.i686

src:  
    exim-4.92-1.25.amzn1.src

x86_64:  
    exim-debuginfo-4.92-1.25.amzn1.x86_64  
    exim-greylist-4.92-1.25.amzn1.x86_64  
    exim-4.92-1.25.amzn1.x86_64  
    exim-pgsql-4.92-1.25.amzn1.x86_64  
    exim-mon-4.92-1.25.amzn1.x86_64  
    exim-mysql-4.92-1.25.amzn1.x86_64