ALAS-2018-970


Amazon Linux AMI Security Advisory: ALAS-2018-970
Advisory Release Date: 2018-03-08 22:27 Pacific
Severity: Critical
References: CVE-2018-6789 

Issue Overview:

Buffer overflow in b64decode() function, possibly leading to remote code execution:
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely. (CVE-2018-6789 )


Affected Packages:

exim


Issue Correction:
Run yum update exim to update your system.

New Packages:
i686:
    exim-mon-4.90.1-2.14.amzn1.i686
    exim-greylist-4.90.1-2.14.amzn1.i686
    exim-4.90.1-2.14.amzn1.i686
    exim-mysql-4.90.1-2.14.amzn1.i686
    exim-pgsql-4.90.1-2.14.amzn1.i686
    exim-debuginfo-4.90.1-2.14.amzn1.i686

src:
    exim-4.90.1-2.14.amzn1.src

x86_64:
    exim-mysql-4.90.1-2.14.amzn1.x86_64
    exim-debuginfo-4.90.1-2.14.amzn1.x86_64
    exim-mon-4.90.1-2.14.amzn1.x86_64
    exim-4.90.1-2.14.amzn1.x86_64
    exim-greylist-4.90.1-2.14.amzn1.x86_64
    exim-pgsql-4.90.1-2.14.amzn1.x86_64