DSA-4053-1 exim4 -- exim4ID: oval:org.secpod.oval:def:603191 | Date: (C)2017-12-08 (M)2023-04-19 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in Exim, a mail transport agent. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-16943 A use-after-free vulnerability was discovered in Exim"s routines responsible for parsing mail headers. A remote attacker can take advantage of this flaw to cause Exim to crash, resulting in a denial of service, or potentially for remote code execution. CVE-2017-16944 It was discovered that Exim does not properly handle BDAT data headers allowing a remote attacker to cause Exim to crash, resulting in a denial of service.