Amazon Linux 1 Security Advisory: ALAS-2019-1310
Advisory Release Date: 2019-10-18 23:22 Pacific
Advisory Updated Date: 2019-10-24 21:31 Pacific
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command. (CVE-2019-16928)
Affected Packages:
exim
Issue Correction:
Run yum update exim to update your system.
i686:
exim-pgsql-4.92-1.25.amzn1.i686
exim-4.92-1.25.amzn1.i686
exim-debuginfo-4.92-1.25.amzn1.i686
exim-greylist-4.92-1.25.amzn1.i686
exim-mon-4.92-1.25.amzn1.i686
exim-mysql-4.92-1.25.amzn1.i686
src:
exim-4.92-1.25.amzn1.src
x86_64:
exim-debuginfo-4.92-1.25.amzn1.x86_64
exim-greylist-4.92-1.25.amzn1.x86_64
exim-4.92-1.25.amzn1.x86_64
exim-pgsql-4.92-1.25.amzn1.x86_64
exim-mon-4.92-1.25.amzn1.x86_64
exim-mysql-4.92-1.25.amzn1.x86_64
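
The listed packages carry upstream version 4.92, which is inside the affected range, so an audit has to compare the RPM release field (1.25.amzn1) and not only the Exim version string. The following is an added example, not part of the advisory: it flags exim packages in an `rpm -qa` inventory that are older than the listed build. It assumes the listed packages are the corrected builds; the function names and the sample inventory are constructed for illustration.

```python
import re

# Build listed in ALAS-2019-1310; assumed here to be the corrected one.
FIXED_VERSION, FIXED_RELEASE = "4.92", "1.25.amzn1"
EXIM_PACKAGES = {"exim", "exim-debuginfo", "exim-greylist",
                 "exim-mon", "exim-mysql", "exim-pgsql"}

def _segments(s):
    # RPM compares maximal runs of digits or of letters; separators are skipped.
    return re.findall(r"[0-9]+|[A-Za-z]+", s)

def rpm_vercmp(a, b):
    """Simplified RPM version ordering (no tilde/caret rules): -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment outranks letters
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra segments win

def unpatched(rpm_lines):
    r"""Return (name, version-release, arch) for exim packages older than the advisory build.

    Expects lines from:
      rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE} %{ARCH}\n' 'exim*'
    Epoch is assumed unset for these packages.
    """
    hits = []
    for line in rpm_lines:
        parts = line.split()
        if len(parts) != 4 or parts[0] not in EXIM_PACKAGES:
            continue
        name, ver, rel, arch = parts
        order = rpm_vercmp(ver, FIXED_VERSION) or rpm_vercmp(rel, FIXED_RELEASE)
        if order < 0:
            hits.append((name, f"{ver}-{rel}", arch))
    return hits

# Constructed inventory for illustration; not taken from a real host.
SAMPLE = """\
exim 4.92 1.24.amzn1 x86_64
exim-mon 4.92 1.25.amzn1 x86_64
exim-mysql 4.91 1.20.amzn1 x86_64
openssl 1.0.2k 16.150.amzn1 x86_64
""".splitlines()

if __name__ == "__main__":
    for name, evr, arch in unpatched(SAMPLE):
        print(f"needs update: {name}-{evr}.{arch}")
```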