Planet - USN-1032-1: Exim vulnerability
Author: SecurityTeam | From: Ubuntu security notices | 2010/12/11 8:24:46
Referenced CVEs:
CVE-2010-4344
Description:
===========================================================
Ubuntu Security Notice USN-1032-1 December 11, 2010
exim4 vulnerability
CVE-2010-4344
===========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  exim4-daemon-custom 4.60-3ubuntu3.2
  exim4-daemon-heavy 4.60-3ubuntu3.2
  exim4-daemon-light 4.60-3ubuntu3.2

Ubuntu 8.04 LTS:
  exim4-daemon-custom 4.69-2ubuntu0.2
  exim4-daemon-heavy 4.69-2ubuntu0.2
  exim4-daemon-light 4.69-2ubuntu0.2

Ubuntu 9.10:
  exim4-daemon-custom 4.69-11ubuntu4.1
  exim4-daemon-heavy 4.69-11ubuntu4.1
  exim4-daemon-light 4.69-11ubuntu4.1

In general, a standard system update will make all the necessary changes.

Details follow:

Sergey Kononenko and Eugene Bujak discovered that Exim did not correctly
truncate string expansions. A remote attacker could send specially crafted
email traffic to run arbitrary code as the Exim user, which could also
lead to root privileges.