It was discovered that Exim incorrectly handled DKIM DNS decoding. This flaw could allow a remote attacker to execute arbitrary code.
Updated packages are available from security.ubuntu.com.
========================================================================== Ubuntu Security Notice USN-1618-1 October 26, 2012 exim4 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS Summary: Exim could be made to run programs if it received specially crafted network traffic. Software Description: - exim4: Exim is a mail transport agent Details: It was discovered that Exim incorrectly handled DKIM DNS decoding. This flaw could allow a remote attacker to execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: exim4-daemon-custom 4.80-3ubuntu1.1 exim4-daemon-heavy 4.80-3ubuntu1.1 exim4-daemon-light 4.80-3ubuntu1.1 Ubuntu 12.04 LTS: exim4-daemon-custom 4.76-3ubuntu3.1 exim4-daemon-heavy 4.76-3ubuntu3.1 exim4-daemon-light 4.76-3ubuntu3.1 Ubuntu 11.10: exim4-daemon-custom 4.76-2ubuntu1.1 exim4-daemon-heavy 4.76-2ubuntu1.1 exim4-daemon-light 4.76-2ubuntu1.1 Ubuntu 11.04: exim4-daemon-custom 4.74-1ubuntu1.3 exim4-daemon-heavy 4.74-1ubuntu1.3 exim4-daemon-light 4.74-1ubuntu1.3 Ubuntu 10.04 LTS: exim4-daemon-custom 4.71-3ubuntu1.4 exim4-daemon-heavy 4.71-3ubuntu1.4 exim4-daemon-light 4.71-3ubuntu1.4 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1618-1 CVE-2012-5671 Package Information: https://launchpad.net/ubuntu/+source/exim4/4.80-3ubuntu1.1 https://launchpad.net/ubuntu/+source/exim4/4.76-3ubuntu3.1 https://launchpad.net/ubuntu/+source/exim4/4.76-2ubuntu1.1 https://launchpad.net/ubuntu/+source/exim4/4.74-1ubuntu1.3 https://launchpad.net/ubuntu/+source/exim4/4.71-3ubuntu1.4