What is the severity of USN-6611-1?

The severity of USN-6611-1 is considered high due to the potential for remote email spoofing that could bypass SPF protections.

How do I fix USN-6611-1?

To fix USN-6611-1, upgrade Exim to version 4.96-17ubuntu2.2 for Ubuntu 23.10 or the respective fixed versions for earlier releases.

What products are affected by USN-6611-1?

Affected products include Exim4, Exim4-base, and Eximon4 on various versions of Ubuntu such as 16.04, 18.04, 20.04, 22.04, and 23.10.

Can I be attacked if I don't update for USN-6611-1?

Yes, if you do not update, your system remains vulnerable to remote attackers exploiting email spoofing techniques associated with USN-6611-1.

What type of vulnerability is described in USN-6611-1?

USN-6611-1 describes a vulnerability related to improper request handling in Exim that allows the injection of spoofed email messages.

Vulnerability/
USN-6611-1

29/1/2024

USN-6611-1: Exim vulnerability

First published: Mon Jan 29 2024(Updated: )

It was discovered that Exim incorrectly handled certain requests. A remote attacker could possibly use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism.

Affected Software	Affected Version	How to fix
All of
ubuntu/exim4	<4.96-17ubuntu2.2	4.96-17ubuntu2.2
Ubuntu	=23.10
All of
ubuntu/exim4-base	<4.96-17ubuntu2.2	4.96-17ubuntu2.2
Ubuntu	=23.10
All of
ubuntu/eximon4	<4.96-17ubuntu2.2	4.96-17ubuntu2.2
Ubuntu	=23.10
All of
ubuntu/exim4	<4.95-4ubuntu2.5	4.95-4ubuntu2.5
Ubuntu	=22.04
All of
ubuntu/exim4-base	<4.95-4ubuntu2.5	4.95-4ubuntu2.5
Ubuntu	=22.04
All of
ubuntu/eximon4	<4.95-4ubuntu2.5	4.95-4ubuntu2.5
Ubuntu	=22.04
All of
ubuntu/exim4	<4.93-13ubuntu1.10	4.93-13ubuntu1.10
Ubuntu	=20.04
All of
ubuntu/exim4-base	<4.93-13ubuntu1.10	4.93-13ubuntu1.10
Ubuntu	=20.04
All of
ubuntu/eximon4	<4.93-13ubuntu1.10	4.93-13ubuntu1.10
Ubuntu	=20.04
All of
ubuntu/exim4	<4.90.1-1ubuntu1.10+esm3	4.90.1-1ubuntu1.10+esm3
Ubuntu	=18.04
All of
ubuntu/exim4-base	<4.90.1-1ubuntu1.10+esm3	4.90.1-1ubuntu1.10+esm3
Ubuntu	=18.04
All of
ubuntu/eximon4	<4.90.1-1ubuntu1.10+esm3	4.90.1-1ubuntu1.10+esm3
Ubuntu	=18.04
All of
ubuntu/exim4	<4.86.2-2ubuntu2.6+esm6	4.86.2-2ubuntu2.6+esm6
Ubuntu	=16.04
All of
ubuntu/exim4-base	<4.86.2-2ubuntu2.6+esm6	4.86.2-2ubuntu2.6+esm6
Ubuntu	=16.04
All of
ubuntu/eximon4	<4.86.2-2ubuntu2.6+esm6	4.86.2-2ubuntu2.6+esm6
Ubuntu	=16.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

CVE-2023-51766

Frequently Asked Questions

What is the severity of USN-6611-1?
The severity of USN-6611-1 is considered high due to the potential for remote email spoofing that could bypass SPF protections.
How do I fix USN-6611-1?
To fix USN-6611-1, upgrade Exim to version 4.96-17ubuntu2.2 for Ubuntu 23.10 or the respective fixed versions for earlier releases.
What products are affected by USN-6611-1?
Affected products include Exim4, Exim4-base, and Eximon4 on various versions of Ubuntu such as 16.04, 18.04, 20.04, 22.04, and 23.10.
Can I be attacked if I don't update for USN-6611-1?
Yes, if you do not update, your system remains vulnerable to remote attackers exploiting email spoofing techniques associated with USN-6611-1.
What type of vulnerability is described in USN-6611-1?
USN-6611-1 describes a vulnerability related to improper request handling in Exim that allows the injection of spoofed email messages.

agent/severity
agent/title
agent/references
agent/last-modified-date
agent/type
agent/description
agent/first-publish-date
agent/event
agent/trending
agent/source
agent/tags
agent/softwarecombine
collector/usn
source/Ubuntu
agent/software-canonical-lookup
agent/software-canonical-lookup-request
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu
version/ubuntu/23.10
version/ubuntu/22.04
version/ubuntu/20.04
version/ubuntu/18.04
version/ubuntu/16.04