FS#63946 : [exim] <4.92.3 CVE-2019-16928 (RCE)

FS#63946 - [exim] <4.92.3 CVE-2019-16928 (RCE)

Attached to Project: Community Packages
Opened by Pascal Ernster (hardfalcon) - Sunday, 29 September 2019, 05:36 GMT
Last edited by Ivy Foster (escondida) - Friday, 11 October 2019, 20:09 GMT

Task Type	Bug Report
Category	Security
Status	Closed
Assigned To	No-one
Architecture	All
Severity	Critical
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Upstream has released exim 4.92.3, which fixes CVE-2019-16928 (an RCE using a heap-based buffer overflow, exploited by using an extraordinarily long EHLO string):

https://bugs.exim.org/show_bug.cgi?id=2449
https://www.openwall.com/lists/oss-security/2019/09/28/1
https://www.openwall.com/lists/oss-security/2019/09/28/4

Since this is a critical security vulnerability, I've chosen to not just flag the package as "out of date", but to also file a security bug to alert the security team.

This task depends upon

Closed by Ivy Foster (escondida)
Friday, 11 October 2019, 20:09 GMT
Reason for closing: Implemented
Additional comments about closing: antrhaxx uploaded 4.92.3.

Comment by Ivy Foster (escondida) - Friday, 11 October 2019, 20:09 GMT

4.92.3 is in [community] now. Thanks, anthraxx!

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#63946 - [exim] <4.92.3 CVE-2019-16928 (RCE)

Details

Loading...