CVE-2014-2972

Published: 4 September 2014

expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value.

Notes

Author     Note
mdeslaur   patch may introduce behaviour change

Priority

Low

Status

Package: exim4 (Launchpad, Ubuntu, Debian)

Release    Status
lucid      Ignored (end of life)
precise    Released (4.76-3ubuntu3.3)
trusty     Released (4.82-3ubuntu2.1)
upstream   Released (4.82.1-2)
utopic     Not vulnerable (4.84~RC1-3ubuntu2)
vivid      Not vulnerable (4.84~RC1-3ubuntu2)
wily       Not vulnerable (4.84~RC1-3ubuntu2)

Patches:
upstream: http://git.exim.org/exim.git/commit/7685ce68148a083d7759e78d01aa5198fc099c44
upstream: http://git.exim.org/exim.git/commit/0de7239e563eff6e83c3e72d7deb9fd26a54a3a7