Exim Security Patch Introduces Regression on Ubuntu 22.04 LTS
A follow-up security update addresses a regression in Exim's CVE-2023-42117 fix that caused Taint mismatch errors on Ubuntu 22.04 LTS. The original patch resolved critical memory corruption and information disclosure vulnerabilities affecting the widely-deployed mail server.
TL;DR
- USN-6455-2 fixes a regression introduced by the initial Exim security patch (USN-6455-1) on Ubuntu 22.04 LTS
- The regression caused Taint mismatch errors in certain connection scenarios, impacting mail server stability
- Original vulnerabilities (CVE-2023-42117, CVE-2023-42119) allowed remote code execution and sensitive data exposure
- Organizations running Exim on Ubuntu 22.04 LTS should apply this follow-up update to restore normal operations
Ubuntu has released a follow-up security advisory (USN-6455-2) addressing an unintended regression introduced by the initial Exim vulnerability patch. The regression affected Ubuntu 22.04 LTS systems, causing Taint mismatch errors during certain connection scenarios that degraded mail server reliability.
The original advisory (USN-6455-1) patched two critical vulnerabilities in Exim: CVE-2023-42117, which allowed memory corruption and potential remote code execution, and CVE-2023-42119, which enabled out-of-bounds reads leading to information disclosure. While the security fixes were essential, the implementation inadvertently triggered validation logic errors on the LTS release.
This follow-up release corrects the regression without compromising the security improvements, ensuring that organizations can maintain both protection and operational stability.
The Original Vulnerabilities
- CVE-2023-42117: Improper validation of user-supplied data in Exim led to memory corruption, enabling remote code execution
- CVE-2023-42119: Out-of-bounds read vulnerability allowed attackers to access sensitive information
- Both issues affected Exim's core input validation mechanisms, representing critical risks to mail infrastructure
Regression Impact and Resolution
- The initial security patch introduced a Taint mismatch error affecting Ubuntu 22.04 LTS deployments
- Affected systems experienced connection logging failures and potential mail delivery disruptions
- USN-6455-2 refines the validation logic to eliminate the regression while preserving security protections
- Organizations should prioritize this follow-up update to restore full functionality
Deployment Considerations
- Ubuntu 22.04 LTS users must apply both USN-6455-1 and USN-6455-2 sequentially for complete protection
- Mail administrators should test the update in non-production environments before broad deployment
- Monitor Exim logs post-update to confirm Taint mismatch errors have been resolved
Sources
Sources
Security email updates
One digest email when we publish new security articles (TL;DR plus links to read more). Unsubscribe anytime from the message footer. See our Privacy Policy.