Vulnerability ID: USN-2933-1
Title: Exim vulnerabilities
Publication Date: 15 March 2016

Affected Packages: exim4 - Exim is a mail transport agent

Details:
- CVE-2016-1531: Exim incorrectly filtered environment variables when used with the perl_startup configuration option. This could allow a local attacker to escalate privileges to the root user.
- CVE-2014-2972: Exim incorrectly expanded mathematical comparisons twice. This could allow a local attacker to perform arbitrary file operations as the exim user.

Update Instructions:
Update your system to the following package versions to fix the issues.
- 15.10 wily: exim4-daemon-heavy - 4.86-3ubuntu1.1, exim4-daemon-light - 4.86-3ubuntu1.1
- 14.04 LTS trusty: exim4-daemon-heavy - 4.82-3ubuntu2.1, exim4-daemon-light - 4.82-3ubuntu2.1
- 12.04 precise: exim4-daemon-custom - 4.76-3ubuntu3.3, exim4-daemon-heavy - 4.76-3ubuntu3.3, exim4-daemon-light - 4.76-3ubuntu3.3

References: CVE-2016-1531, CVE-2014-2972