ALAS-2014-395


Amazon Linux AMI Security Advisory: ALAS-2014-395
Advisory Release Date: 2014-09-19 11:48 Pacific
Severity: Low
References: CVE-2014-2972 

Issue Overview:

expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value.


Affected Packages:

exim


Issue Correction:
Run yum update exim to update your system.

New Packages:
i686:
    exim-mon-4.72-6.6.amzn1.i686
    exim-debuginfo-4.72-6.6.amzn1.i686
    exim-mysql-4.72-6.6.amzn1.i686
    exim-greylist-4.72-6.6.amzn1.i686
    exim-pgsql-4.72-6.6.amzn1.i686
    exim-4.72-6.6.amzn1.i686

src:
    exim-4.72-6.6.amzn1.src

x86_64:
    exim-pgsql-4.72-6.6.amzn1.x86_64
    exim-mon-4.72-6.6.amzn1.x86_64
    exim-greylist-4.72-6.6.amzn1.x86_64
    exim-4.72-6.6.amzn1.x86_64
    exim-debuginfo-4.72-6.6.amzn1.x86_64
    exim-mysql-4.72-6.6.amzn1.x86_64