CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

An update that fixes 26 vulnerabilities is now available.
Description:
This update for exim fixes the following issues:
Exim was updated to exim-4.94.2
security update (boo#1185631)
* CVE-2020-28007: Link attack in Exim's log directory
* CVE-2020-28008: Assorted attacks in Exim's spool directory
* CVE-2020-28014: Arbitrary PID file creation
* CVE-2020-28011: Heap buffer overflow in queue_run()
* CVE-2020-28010: Heap out-of-bounds write in main()
* CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
* CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase()
* CVE-2020-28015: New-line injection into spool header file (local)
* CVE-2020-28012: Missing close-on-exec flag for privileged pipe
* CVE-2020-28009: Integer overflow in get_stdinput()
* CVE-2020-28017: Integer overflow in receive_add_recipient()
* CVE-2020-28020: Integer overflow in receive_msg()
* CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()
* CVE-2020-28021: New-line injection into spool header file (remote)
* CVE-2020-28022: Heap out-of-bounds read and write in extract_option()
* CVE-2020-28026: Line truncation and injection in spool_read_header()
* CVE-2020-28019: Failure to reset function pointer after BDAT error
* CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
* CVE-2020-28018: Use-after-free in tls-openssl.c
* CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()
update to exim-4.94.1
* Fix security issue in BDAT state confusion. Ensure we reset known-good
where we know we need to not be reading BDAT data, as a general case
fix, and move the places where we switch to BDAT mode until after
various protocol state checks. Fixes CVE-2020-BDATA reported by Qualys.
* Fix security issue in SMTP verb option parsing (CVE-2020-EXOPT)
* Fix security issue with too many recipients on a message (to remove a
known security problem if someone does set recipients_max to unlimited,
or if local additions add to the recipient list). Fixes CVE-2020-RCPTL
reported by Qualys.
* Fix CVE-2020-28016 (PFPZA): Heap out-of-bounds write in
parse_fix_phrase()
* Fix security issue CVE-2020-PFPSN and guard against cmdline invoker
providing a particularly obnoxious sender full name.
* Fix Linux security issue CVE-2020-SLCWD and guard against PATH_MAX
better.
bring back missing exim_db.8 manual page (fixes boo#1173693)
bring in changes from current +fixes (lots of taint check fixes)
update to exim 4.94
switch pretrans to use lua (fixes boo#1171877)
bring changes from current in +fixes branch
(patch-exim-fixes-ee83de04d3087efaf808d1f2235a988275c2ee94)
update to exim 4.93.0.4 (+fixes release)
spec file cleanup to make update work
add docdir to spec
update to exim 4.93
update to exim 4.92.3
update to exim 4.92.2
update to exim 4.92.1
* CVE-2019-13917: Fixed an issue with ${sort} expansion which could allow
remote attackers to execute other programs with root privileges
(boo#1142207)
spec file cleanup
* fix DANE inclusion guard condition
* re-enable i18n and remove misleading comment
* EXPERIMENTAL_SPF is now SUPPORT_SPF
* DANE is now SUPPORT_DANE
update to exim 4.92
* ${l_header:<name>} expansion
* ${readsocket} now supports TLS
* “utf8_downconvert” option (if built with SUPPORT_I18N)
* “pipelining” log_selector
* JSON variants for ${extract } expansion
* “noutf8” debug option
* TCP Fast Open support on MacOS
* CVE-2019-10149: Fixed a Remote Command Execution (boo#1136587)
add workaround patch for compile time error on missing printf format
annotation (gnu_printf.patch)
update to 4.91
* DEFER rather than ERROR on redis cluster MOVED response.
* Catch and remove uninitialized value warning in exiqsumm
* Disallow ‘/’ characters in queue names specified for the “queue=” ACL
modifier. This matches the restriction on the commandline.
* Fix pgsql lookup for multiple result-tuples with a single column.
Previously only the last row was returned.
* Bug 2217: Tighten up the parsing of DKIM signature headers.
* Bug 2215: Fix crash associated with dnsdb lookup done from DKIM ACL.
* Fix issue with continued-connections when the DNS shifts unreliably.
* Bug 2214: Fix SMTP responses resulting from non-accept result of MIME
ACL.
* The “support for” informational output now, when built with Content
Scanning support, has a line for the malware scanner interfaces
compiled in. Interfaces can be individually included or not at build
time.
* The “aveserver”, “kavdaemon” and “mksd” interfaces are now not included
by the template makefile “src/EDITME”. The “STREAM” support for an
older ClamAV interface method is removed.
* Bug 2223: Fix mysql lookup returns for the no-data case (when the
number of rows affected is given instead).
* The runtime Berkeley DB library version is now additionally output by
“exim -d -bV”. Previously only the compile-time version was shown.
* Bug 2230: Fix cutthrough routing for nonfirst messages in an initiating
SMTP connection.
* Bug 2229: Fix cutthrough routing for nonstandard port numbers defined
by routers.
* Bug 2174: A timeout on connect for a callout was also erroneously seen
as a timeout on read on a GnuTLS initiating connection, resulting in
the initiating connection being dropped.
* Relax results from ACL control request to enable cutthrough, in
unsupported situations, from error to silently (except under debug)
ignoring.
* Fix Buffer overflow in base64d() (CVE-2018-6789)
* Fix bug in DKIM verify: a buffer overflow could corrupt the malloc
metadata, resulting in a crash in free().
* Fix broken Heimdal GSSAPI authenticator integration.
* Bug 2113: Fix conversation closedown with the Avast malware scanner.
* Bug 2239: Enforce non-usability of control=utf8_downconvert in the mail
ACL.
* Speed up macro lookups during configuration file read, by skipping non-
macro text after a replacement (previously it was only once per line)
and by skipping builtin macros when searching for an uppercase lead
character.
* DANE support moved from Experimental to mainline. The Makefile control
for the build is renamed.
* Fix memory leak during multi-message connections using STARTTLS.
* Bug 2236: When a DKIM verification result is overridden by ACL, DMARC
reported the original. Fix to report (as far as possible) the ACL
result replacing the original.
* Fix memory leak during multi-message connections using STARTTLS under
OpenSSL
* Bug 2242: Fix exim_dbmbuild to permit directoryless filenames.
* Fix utf8_downconvert propagation through a redirect router.
* Bug 2253: For logging delivery lines under PRDR, append the overall
DATA response info to the (existing) per-recipient response info for
the “C=” log element.
* Bug 2251: Fix ldap lookups that return a single attribute having zero-
length value.
* Support Avast multiline protocol, this allows passing flags to newer
versions of the scanner.
* Ensure that variables possibly set during message acceptance are
marked dead before release of memory in the daemon loop.
* Bug 2250: Fix a longstanding bug in heavily-pipelined SMTP input (such
as a multi-recipient message from a mailinglist manager).
* The (EXPERIMENTAL_DMARC) variable $dmarc_ar_header is withdrawn, being
replaced by the ${authresults } expansion.
* Bug 2257: Fix pipe transport to not use a socket-only syscall.
* Set a handler for SIGTERM and call exit(3) if running as PID 1. This
allows proper process termination in container environments.
* Bug 2258: Fix spool_wireformat in combination with LMTP transport.
Previously the “final dot” had a newline after it; ensure it is CR,LF.
* SPF: remove support for the “spf” ACL condition outcome values
“err_temp” and “err_perm”, deprecated since 4.83 when the RFC-defined
words “temperror” and “permerror” were introduced.
* Re-introduce enforcement of no cutthrough delivery on transports having
transport-filters or DKIM-signing.
* Cutthrough: for a final-dot response timeout (and nonunderstood
responses) in defer=pass mode supply a 450 to the initiator.
Previously the message would be spooled.
* DANE: add dane_require_tls_ciphers SMTP Transport option; if unset,
tls_require_ciphers is used as before.
* Malware Avast: Better match the Avast multiline protocol.
* Fix reinitialisation of DKIM logging variable between messages.
* Bug 2255: Revert the disable of the OpenSSL session caching.
* Add util/renew-opendmarc-tlds.sh script for safe renewal of public
suffix list.
* DKIM: accept Ed25519 pubkeys in SubjectPublicKeyInfo-wrapped form,
since the IETF WG has not yet settled on that versus the original
“bare” representation.
* Fix syslog logging for syslog_timestamp=no and log_selector +millisec.
Previously the millisecond value corrupted the output. Fix also for
syslog_pid=no and log_selector +pid, for which the pid corrupted the
output.
Replace xorg-x11-devel by individual pkgconfig() buildrequires.
update to 4.90.1
Several bug fixes
Fix for buffer overflow in base64decode() (boo#1079832 CVE-2018-6789)
This update was imported from the openSUSE:Leap:15.2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
openSUSE Backports SLE-15-SP2:
zypper in -t patch openSUSE-2021-754=1
OS | Version | Architecture |
---|---|---|
openSUSE Backports SLE | 15-SP2 | aarch64 |
openSUSE Backports SLE | 15-SP2 | ppc64le |
openSUSE Backports SLE | 15-SP2 | s390x |
openSUSE Backports SLE | 15-SP2 | x86_64 |
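After patching, the installed release can be compared against exim-4.94.2, the fixed version named in this advisory. The script below is an added example, not part of the advisory or of Exim; it assumes the first line of `exim -bV` has the form `Exim version X.Y.Z #N built ...`, and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether an Exim banner shows a release at or above
# the fixed version from this advisory. Function names are hypothetical.
FIXED_VERSION="4.94.2"

# Extract the dotted version from the first banner line (assumed format).
exim_version_from_banner() {
    printf '%s\n' "$1" | sed -n '1s/^Exim version \([0-9][0-9.]*\).*/\1/p'
}

# Return 0 if version $1 >= version $2, comparing dot-separated numeric
# fields left to right; missing fields count as 0 (4.94 == 4.94.0).
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=""; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
    done
    return 0
}

# Print "ok <ver>", "needs-update <ver>" or "unknown" for a banner.
check_banner() {
    v=$(exim_version_from_banner "$1")
    if [ -z "$v" ]; then echo "unknown"
    elif version_ge "$v" "$FIXED_VERSION"; then echo "ok $v"
    else echo "needs-update $v"
    fi
}

# Constructed sample banners (not captured from a real host).
for banner in \
    "Exim version 4.92.3 #1 built 01-Jan-2020 00:00:00" \
    "Exim version 4.93.0.4 #1 built 01-Jun-2020 00:00:00" \
    "Exim version 4.94.2 #2 built 05-May-2021 00:00:00"
do
    check_banner "$banner"
done

# On a host with Exim installed, check the live binary as well.
if command -v exim >/dev/null 2>&1; then
    check_banner "$(exim -bV 2>/dev/null)"
fi
```

A release candidate banner such as `4.94_RC1` is read as `4.94` and reported as needing the update.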