Amazon Linux AMI Security Advisory: ALAS-2021-1497
Advisory Release Date: 2021-05-06 19:11 Pacific
Advisory Updated Date: 2021-05-07 20:34 Pacific
Prior versions of Exim 4 have Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character. (CVE-2020-28015)
Prior versions of Exim 4 allowed Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption. (CVE-2020-28017)
Prior versions of Exim 4 allowed Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL. (CVE-2020-28018)
Prior versions of Exim 4 have Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file (which indirectly leads to remote code execution as root) via AUTH= in a MAIL FROM command. (CVE-2020-28021)
Run yum update exim to update your system.
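To confirm after the update that the installed package addresses the four CVEs above, the following added example (not part of the original advisory) checks an RPM changelog for each CVE id. It assumes the packager names fixed CVEs in the changelog, which is common but not guaranteed. The function name and sample changelogs are constructed for illustration.

```shell
#!/bin/sh
# Added example: list which of this advisory's CVE ids are NOT named in an
# RPM changelog. Assumption: the packager records fixed CVEs in the changelog.

ADVISORY_CVES="CVE-2020-28015 CVE-2020-28017 CVE-2020-28018 CVE-2020-28021"

# missing_cves CVE...
# Reads changelog text on stdin, prints every CVE id given as an argument
# that does not appear in it, and returns 1 if at least one is missing.
missing_cves() {
    changelog=$(cat)
    rc=0
    for cve in "$@"; do
        # -F: fixed string, -w: whole word, so a longer id such as
        # CVE-2020-280155 does not count as a match for CVE-2020-28015.
        if ! printf '%s\n' "$changelog" | grep -Fqw -- "$cve"; then
            printf '%s\n' "$cve"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample changelogs (not real package data).
SAMPLE_FIXED='* Thu May 06 2021 Builder <builder@example.invalid> - 0:0-0
- Fix CVE-2020-28015, CVE-2020-28017
- Fix CVE-2020-28018 CVE-2020-28021'
SAMPLE_STALE='* Wed Jan 01 2020 Builder <builder@example.invalid> - 0:0-0
- Fix CVE-2020-28017'

if command -v rpm >/dev/null 2>&1 && rpm -q exim >/dev/null 2>&1; then
    # Live check against the installed package.
    if rpm -q --changelog exim | missing_cves $ADVISORY_CVES; then
        echo "exim changelog names every CVE in ALAS-2021-1497"
    else
        echo "the ids above are not named in the installed exim changelog" >&2
    fi
else
    # No exim RPM on this host: demonstrate on the constructed stale sample.
    printf '%s\n' "$SAMPLE_STALE" | missing_cves $ADVISORY_CVES || true
fi
```

An empty result means every id was found. A listed id means either the update has not been applied or the changelog does not record that CVE, so treat it as a prompt to check the installed version against the advisory.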