Amazon Linux 1 Security Advisory: ALAS-2018-970
Advisory Release Date: 2018-03-07 21:43 Pacific
Advisory Updated Date: 2018-03-08 22:27 Pacific
Buffer overflow in b64decode() function, possibly leading to remote code execution:
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely. (CVE-2018-6789)
Affected Packages:
exim
Issue Correction:
Run yum update exim to update your system.
i686:
exim-mon-4.90.1-2.14.amzn1.i686
exim-greylist-4.90.1-2.14.amzn1.i686
exim-4.90.1-2.14.amzn1.i686
exim-mysql-4.90.1-2.14.amzn1.i686
exim-pgsql-4.90.1-2.14.amzn1.i686
exim-debuginfo-4.90.1-2.14.amzn1.i686
src:
exim-4.90.1-2.14.amzn1.src
x86_64:
exim-mysql-4.90.1-2.14.amzn1.x86_64
exim-debuginfo-4.90.1-2.14.amzn1.x86_64
exim-mon-4.90.1-2.14.amzn1.x86_64
exim-4.90.1-2.14.amzn1.x86_64
exim-greylist-4.90.1-2.14.amzn1.x86_64
exim-pgsql-4.90.1-2.14.amzn1.x86_64
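
To confirm that a host is on the fixed build after the update, this added example (not part of the advisory) checks installed exim package names against the 4.90.1-2.14.amzn1 build listed above. The function names are hypothetical, the older version in the usage comment is constructed, and GNU sort -V stands in for RPM's own version ordering as an approximation.

```shell
#!/bin/sh
# Added example: flag exim packages older than the build fixed in ALAS-2018-970.
# Assumption: GNU sort -V approximates RPM version ordering closely enough
# for exim's plain numeric version-release strings.

FIXED_EVR="4.90.1-2.14.amzn1"   # version-release from the advisory's package list

# exim_evr NAME-VERSION-RELEASE.ARCH
# Prints VERSION-RELEASE, e.g. exim-mysql-4.90.1-2.14.amzn1.x86_64 -> 4.90.1-2.14.amzn1
exim_evr() {
    nva=${1%.*}            # drop the trailing .arch (x86_64, i686, src)
    release=${nva##*-}     # text after the last dash
    nv=${nva%-*}           # name-version
    version=${nv##*-}      # text after the last remaining dash
    printf '%s-%s\n' "$version" "$release"
}

# is_fixed NAME-VERSION-RELEASE.ARCH
# Returns 0 when the package is at or above FIXED_EVR, 1 otherwise.
is_fixed() {
    evr=$(exim_evr "$1")
    lowest=$(printf '%s\n%s\n' "$evr" "$FIXED_EVR" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_EVR" ]
}

# unfixed_packages
# Reads package names on stdin, one per line, and prints those below the fix.
unfixed_packages() {
    while read -r pkg; do
        [ -n "$pkg" ] || continue
        case $pkg in
            exim-*) is_fixed "$pkg" || printf '%s\n' "$pkg" ;;
        esac
    done
}

# Usage on a host:
#   rpm -qa 'exim*' | unfixed_packages
# Usage with constructed input (the 4.89 build is a made-up older version):
#   printf '%s\n' exim-4.89-1.13.amzn1.x86_64 exim-mon-4.90.1-2.14.amzn1.x86_64 \
#       | unfixed_packages
```

Empty output means every exim subpackage on the host is at or above the advisory's fixed build; any line printed names a package that still needs yum update exim.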