Amazon Linux 1 Security Advisory: ALAS-2019-1252
Advisory Release Date: 2019-07-25 18:40 Pacific
Advisory Updated Date: 2019-07-25 18:49 Pacific
Exim allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain). ( CVE-2019-13917)
Affected Packages:
exim
Issue Correction:
Run yum update exim to update your system.
i686:
exim-mon-4.92-1.23.amzn1.i686
exim-debuginfo-4.92-1.23.amzn1.i686
exim-greylist-4.92-1.23.amzn1.i686
exim-pgsql-4.92-1.23.amzn1.i686
exim-4.92-1.23.amzn1.i686
exim-mysql-4.92-1.23.amzn1.i686
src:
exim-4.92-1.23.amzn1.src
x86_64:
exim-mysql-4.92-1.23.amzn1.x86_64
exim-mon-4.92-1.23.amzn1.x86_64
exim-pgsql-4.92-1.23.amzn1.x86_64
exim-4.92-1.23.amzn1.x86_64
exim-greylist-4.92-1.23.amzn1.x86_64
exim-debuginfo-4.92-1.23.amzn1.x86_64