ALAS-2019-1221


Amazon Linux AMI Security Advisory: ALAS-2019-1221
Advisory Release Date: 2019-06-05 23:22 Pacific
Severity: Critical
References: CVE-2019-10149 

Issue Overview:

A flaw was found in Exim versions 4.87 to 4.91 before release 1.20 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution. (CVE-2019-10149 )


Affected Packages:

exim


Issue Correction:
Run yum update exim to update your system.

New Packages:
i686:
    exim-pgsql-4.91-1.20.amzn1.i686
    exim-mysql-4.91-1.20.amzn1.i686
    exim-greylist-4.91-1.20.amzn1.i686
    exim-debuginfo-4.91-1.20.amzn1.i686
    exim-mon-4.91-1.20.amzn1.i686
    exim-4.91-1.20.amzn1.i686

src:
    exim-4.91-1.20.amzn1.src

x86_64:
    exim-debuginfo-4.91-1.20.amzn1.x86_64
    exim-pgsql-4.91-1.20.amzn1.x86_64
    exim-4.91-1.20.amzn1.x86_64
    exim-greylist-4.91-1.20.amzn1.x86_64
    exim-mon-4.91-1.20.amzn1.x86_64
    exim-mysql-4.91-1.20.amzn1.x86_64