- Vulnerability/
- USN-6411-1
USN-6411-1: Exim vulnerabilities
First published: Wed Oct 04 2023(Updated: )
It was discovered that Exim incorrectly handled certain challenge requests. A remote attacker could possibly use this issue to perform out-of-bounds reads, resulting in information leakage. (CVE-2023-42114) It was discovered that Exim incorrectly handled validation of user-supplied data. A remote attacker could possibly use this issue to perform out-of-bounds writes, resulting in arbitrary code execution. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.04. (CVE-2023-42115) It was discovered that Exim incorrectly handled certain challenge requests. A remote attacker could possibly use this issue to perform out-of-bounds writes, resulting in arbitrary code execution. (CVE-2023-42116)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/exim4 | <4.96-14ubuntu1.2 | 4.96-14ubuntu1.2 |
| =23.04 | ||
| All of | ||
| ubuntu/exim4-base | <4.96-14ubuntu1.2 | 4.96-14ubuntu1.2 |
| =23.04 | ||
| All of | ||
| ubuntu/exim4-daemon-heavy | <4.96-14ubuntu1.2 | 4.96-14ubuntu1.2 |
| =23.04 | ||
| All of | ||
| ubuntu/exim4-daemon-light | <4.96-14ubuntu1.2 | 4.96-14ubuntu1.2 |
| =23.04 | ||
| All of | ||
| ubuntu/eximon4 | <4.96-14ubuntu1.2 | 4.96-14ubuntu1.2 |
| =23.04 | ||
| All of | ||
| ubuntu/exim4 | <4.95-4ubuntu2.3 | 4.95-4ubuntu2.3 |
| =22.04 | ||
| All of | ||
| ubuntu/exim4-base | <4.95-4ubuntu2.3 | 4.95-4ubuntu2.3 |
| =22.04 | ||
| All of | ||
| ubuntu/exim4-daemon-heavy | <4.95-4ubuntu2.3 | 4.95-4ubuntu2.3 |
| =22.04 | ||
| All of | ||
| ubuntu/exim4-daemon-light | <4.95-4ubuntu2.3 | 4.95-4ubuntu2.3 |
| =22.04 | ||
| All of | ||
| ubuntu/eximon4 | <4.95-4ubuntu2.3 | 4.95-4ubuntu2.3 |
| =22.04 | ||
| All of | ||
| ubuntu/exim4 | <4.93-13ubuntu1.8 | 4.93-13ubuntu1.8 |
| =20.04 | ||
| All of | ||
| ubuntu/exim4-base | <4.93-13ubuntu1.8 | 4.93-13ubuntu1.8 |
| =20.04 | ||
| All of | ||
| ubuntu/exim4-daemon-heavy | <4.93-13ubuntu1.8 | 4.93-13ubuntu1.8 |
| =20.04 | ||
| All of | ||
| ubuntu/exim4-daemon-light | <4.93-13ubuntu1.8 | 4.93-13ubuntu1.8 |
| =20.04 | ||
| All of | ||
| ubuntu/eximon4 | <4.93-13ubuntu1.8 | 4.93-13ubuntu1.8 |
| =20.04 | ||
| All of | ||
| ubuntu/exim4 | <4.90.1-1ubuntu1.10+esm1 | 4.90.1-1ubuntu1.10+esm1 |
| =18.04 | ||
| All of | ||
| ubuntu/exim4-base | <4.90.1-1ubuntu1.10+esm1 | 4.90.1-1ubuntu1.10+esm1 |
| =18.04 | ||
| All of | ||
| ubuntu/exim4-daemon-heavy | <4.90.1-1ubuntu1.10+esm1 | 4.90.1-1ubuntu1.10+esm1 |
| =18.04 | ||
| All of | ||
| ubuntu/exim4-daemon-light | <4.90.1-1ubuntu1.10+esm1 | 4.90.1-1ubuntu1.10+esm1 |
| =18.04 | ||
| All of | ||
| ubuntu/eximon4 | <4.90.1-1ubuntu1.10+esm1 | 4.90.1-1ubuntu1.10+esm1 |
| =18.04 | ||
| All of | ||
| ubuntu/exim4 | <4.86.2-2ubuntu2.6+esm4 | 4.86.2-2ubuntu2.6+esm4 |
| =16.04 | ||
| All of | ||
| ubuntu/exim4-base | <4.86.2-2ubuntu2.6+esm4 | 4.86.2-2ubuntu2.6+esm4 |
| =16.04 | ||
| All of | ||
| ubuntu/exim4-daemon-heavy | <4.86.2-2ubuntu2.6+esm4 | 4.86.2-2ubuntu2.6+esm4 |
| =16.04 | ||
| All of | ||
| ubuntu/exim4-daemon-light | <4.86.2-2ubuntu2.6+esm4 | 4.86.2-2ubuntu2.6+esm4 |
| =16.04 | ||
| All of | ||
| ubuntu/eximon4 | <4.86.2-2ubuntu2.6+esm4 | 4.86.2-2ubuntu2.6+esm4 |
| =16.04 | ||
| All of | ||
| ubuntu/exim4 | <4.82-3ubuntu2.4+esm6 | 4.82-3ubuntu2.4+esm6 |
| =14.04 | ||
| All of | ||
| ubuntu/exim4-base | <4.82-3ubuntu2.4+esm6 | 4.82-3ubuntu2.4+esm6 |
| =14.04 | ||
| All of | ||
| ubuntu/exim4-daemon-heavy | <4.82-3ubuntu2.4+esm6 | 4.82-3ubuntu2.4+esm6 |
| =14.04 | ||
| All of | ||
| ubuntu/exim4-daemon-light | <4.82-3ubuntu2.4+esm6 | 4.82-3ubuntu2.4+esm6 |
| =14.04 | ||
| All of | ||
| ubuntu/eximon4 | <4.82-3ubuntu2.4+esm6 | 4.82-3ubuntu2.4+esm6 |
| =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2023-42115
- https://ubuntu.com/security/CVE-2023-42114
- https://ubuntu.com/security/CVE-2023-42116
- https://launchpad.net/ubuntu/+source/exim4/4.96-14ubuntu1.2
- https://launchpad.net/ubuntu/+source/exim4/4.95-4ubuntu2.3
- https://launchpad.net/ubuntu/+source/exim4/4.93-13ubuntu1.8
- https://ubuntu.com/security/notices/USN-6411-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID for this Exim vulnerability?
The vulnerability ID for this Exim vulnerability is CVE-2023-42114.
What is the severity of CVE-2023-42114?
The severity of CVE-2023-42114 is not specified in the provided information. Please refer to the references for more details.
How does CVE-2023-42114 affect Exim4?
CVE-2023-42114 affects Exim4 versions 4.96-14ubuntu1.2 and earlier.
What is the remedy for CVE-2023-42114 in Ubuntu 23.04?
The remedy for CVE-2023-42114 in Ubuntu 23.04 is to update the Exim4 packages to version 4.96-14ubuntu1.2 or later.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/23.04
- version/ubuntu ubuntu/22.04
- version/ubuntu ubuntu/20.04
- version/ubuntu ubuntu/18.04
- version/ubuntu ubuntu/16.04
- version/ubuntu ubuntu/14.04