Amazon Linux 1 Security Advisory: ALAS-2023-1722
Advisory Release Date: 2023-03-30 22:50 Pacific
Advisory Updated Date: 2023-04-05 20:23 Pacific
The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending. (CVE-2021-38371)
Affected Packages:
exim
Issue Correction:
Run yum update exim to update your system.
i686:
exim-debuginfo-4.92-1.36.amzn1.i686
exim-mysql-4.92-1.36.amzn1.i686
exim-mon-4.92-1.36.amzn1.i686
exim-greylist-4.92-1.36.amzn1.i686
exim-4.92-1.36.amzn1.i686
exim-pgsql-4.92-1.36.amzn1.i686
src:
exim-4.92-1.36.amzn1.src
x86_64:
exim-greylist-4.92-1.36.amzn1.x86_64
exim-mysql-4.92-1.36.amzn1.x86_64
exim-mon-4.92-1.36.amzn1.x86_64
exim-pgsql-4.92-1.36.amzn1.x86_64
exim-4.92-1.36.amzn1.x86_64
exim-debuginfo-4.92-1.36.amzn1.x86_64