CVE-2017-1000369

Priority
Description
Exim supports the use of multiple "-p" command line arguments, which are
malloc()'ed and never free()'ed; used in conjunction with other issues,
this allows attackers to cause arbitrary code execution. This affects Exim
version 4.89 and earlier. Please note that at this time upstream has
released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it
is not known whether a new point release that addresses this issue is
available.
Ubuntu-Description
It was discovered that Exim did not properly deallocate memory when
processing certain command line arguments. A local attacker could use
this in conjunction with another vulnerability to possibly execute
arbitrary code and gain administrative privileges.
Notes
Package
Source: exim4 (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): released (4.82-3ubuntu2.3)
Ubuntu 16.04 LTS (Xenial Xerus): released (4.86.2-2ubuntu2.2)
More Information

Updated: 2019-12-05 18:47:26 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)