ALAS-2019-1252


Amazon Linux AMI Security Advisory: ALAS-2019-1252
Advisory Release Date: 2019-07-25 18:49 Pacific
Severity: Important
References: CVE-2019-13917 

Issue Overview:

Exim allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain). ( CVE-2019-13917 )


Affected Packages:

exim


Issue Correction:
Run yum update exim to update your system.

New Packages:
i686:
    exim-mon-4.92-1.23.amzn1.i686
    exim-debuginfo-4.92-1.23.amzn1.i686
    exim-greylist-4.92-1.23.amzn1.i686
    exim-pgsql-4.92-1.23.amzn1.i686
    exim-4.92-1.23.amzn1.i686
    exim-mysql-4.92-1.23.amzn1.i686

src:
    exim-4.92-1.23.amzn1.src

x86_64:
    exim-mysql-4.92-1.23.amzn1.x86_64
    exim-mon-4.92-1.23.amzn1.x86_64
    exim-pgsql-4.92-1.23.amzn1.x86_64
    exim-4.92-1.23.amzn1.x86_64
    exim-greylist-4.92-1.23.amzn1.x86_64
    exim-debuginfo-4.92-1.23.amzn1.x86_64