Amazon Linux 1 Security Advisory: ALAS-2024-1908
Advisory Release Date: 2024-01-19 01:19 Pacific
Advisory Updated Date: 2024-01-23 18:19 Pacific
Exim through 4.97 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not. (CVE-2023-51766)
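For defenders reviewing captured SMTP traffic or spooled messages, the following added example (not part of the original advisory or of Exim) flags DATA payloads that contain the <LF>.<CR><LF> sequence described above. The function name audit_data_stream and the sample byte strings are constructed for illustration.

```python
import re

# <LF>.<CR><LF> with a bare LF (no CR before it): the sequence named in CVE-2023-51766.
BARE_LF_EOD = re.compile(rb"(?<!\r)\n\.\r\n")
# The standard end-of-data marker, <CR><LF>.<CR><LF>.
STANDARD_EOD = b"\r\n.\r\n"


def audit_data_stream(data: bytes) -> dict:
    """Compare where a strict and a lenient parser would end the message.

    `data` is the raw byte stream received after the DATA command.
    A strict parser ends the message only at <CR><LF>.<CR><LF>; a lenient
    one also ends it at <LF>.<CR><LF>. If the two disagree, the servers
    along the delivery path may not agree on where the message stops.
    """
    strict_end = data.find(STANDARD_EOD)
    bare = [m.start() for m in BARE_LF_EOD.finditer(data)]
    # A lenient parser stops at whichever terminator comes first.
    candidates = [p for p in bare + [strict_end] if p >= 0]
    lenient_end = min(candidates) if candidates else -1
    return {
        "bare_lf_eod_offsets": bare,
        "strict_end": strict_end,
        "lenient_end": lenient_end,
        "ambiguous": lenient_end != strict_end,
    }


# Constructed samples (not real traffic).
CLEAN = b"Subject: hi\r\n\r\nbody\r\n.\r\n"
SUSPECT = b"Subject: hi\r\n\r\nfirst part\n.\r\nsecond part\r\n.\r\n"
# Dot-stuffed line after a bare LF: not a terminator, must not be flagged.
STUFFED = b"Subject: hi\r\n\r\na\n..\r\nb\r\n.\r\n"

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("suspect", SUSPECT), ("stuffed", STUFFED)):
        print(name, audit_data_stream(sample))
```

A message reported as ambiguous is worth quarantining or logging for review, whether or not the receiving Exim has been updated.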
Affected Packages:
exim
Issue Correction:
Run yum update exim to update your system.
i686:
exim-mysql-4.92-1.40.amzn1.i686
exim-pgsql-4.92-1.40.amzn1.i686
exim-greylist-4.92-1.40.amzn1.i686
exim-4.92-1.40.amzn1.i686
exim-mon-4.92-1.40.amzn1.i686
exim-debuginfo-4.92-1.40.amzn1.i686
src:
exim-4.92-1.40.amzn1.src
x86_64:
exim-mysql-4.92-1.40.amzn1.x86_64
exim-mon-4.92-1.40.amzn1.x86_64
exim-pgsql-4.92-1.40.amzn1.x86_64
exim-4.92-1.40.amzn1.x86_64
exim-debuginfo-4.92-1.40.amzn1.x86_64
exim-greylist-4.92-1.40.amzn1.x86_64