ALAS-2019-1310


Amazon Linux AMI Security Advisory: ALAS-2019-1310
Advisory Release Date: 2019-10-24 21:31 Pacific
Severity: Critical
References: CVE-2019-16928 

Issue Overview:

Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846 . There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.(CVE-2019-16928 )


Affected Packages:

exim


Issue Correction:
Run yum update exim to update your system.

New Packages:
i686:
    exim-pgsql-4.92-1.25.amzn1.i686
    exim-4.92-1.25.amzn1.i686
    exim-debuginfo-4.92-1.25.amzn1.i686
    exim-greylist-4.92-1.25.amzn1.i686
    exim-mon-4.92-1.25.amzn1.i686
    exim-mysql-4.92-1.25.amzn1.i686

src:
    exim-4.92-1.25.amzn1.src

x86_64:
    exim-debuginfo-4.92-1.25.amzn1.x86_64
    exim-greylist-4.92-1.25.amzn1.x86_64
    exim-4.92-1.25.amzn1.x86_64
    exim-pgsql-4.92-1.25.amzn1.x86_64
    exim-mon-4.92-1.25.amzn1.x86_64
    exim-mysql-4.92-1.25.amzn1.x86_64