Bugzilla – Bug 1079832
VUL-0: CVE-2018-6789: exim: Buffer overflow in an utility function
Last modified: 2024-07-15 17:05:05 UTC
Heiko Schlittermann:

CVE-2018-6789 Exim 4.90 and earlier
===================================

There is a buffer overflow in an utility function, if some pre-conditions are met. Using a handcrafted message, remote code execution seems to be possible.

A patch exists already and is being tested.

Currently we're unsure about the severity, we *believe*, an exploit is difficult. A mitigation isn't known.

Next steps:
* t0: Distros will get access to our "security" non-public git repo (based on the SSH keys known to us)
* t0 +7d: Patch will be published on the official public git repo

t0 will be around 2018-02-08.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6789
http://seclists.org/oss-sec/2018/q1/133
https://exim.org/security/CVE-2018-6789.txt
Requested early access for patches for openSUSE
CRD: 2018-02-15 16:59:37 UTC
This is an autogenerated message for OBS integration: This bug (1079832) was mentioned in https://build.opensuse.org/request/show/576270 42.3 / exim
Created attachment 760068: Upstream patch
https://build.opensuse.org/request/show/576288
https://build.opensuse.org/request/show/576270
openSUSE-SU-2018:0468-1: An update that fixes one vulnerability is now available.
Category: security (important)
Bug References: 1079832
CVE References: CVE-2018-6789
Sources used:
openSUSE Leap 42.3 (src): exim-4.86.2-20.1
released
This is an autogenerated message for OBS integration: This bug (1079832) was mentioned in
https://build.opensuse.org/request/show/891096 15.2 / exim
https://build.opensuse.org/request/show/891098 Backports:SLE-15-SP1 / exim
openSUSE-SU-2021:0677-1: An update that fixes 26 vulnerabilities is now available.
Category: security (critical)
Bug References: 1079832,1171490,1171877,1173693,1185631
CVE References: CVE-2017-1000369,CVE-2017-16943,CVE-2017-16944,CVE-2018-6789,CVE-2019-16928,CVE-2020-12783,CVE-2020-28007,CVE-2020-28008,CVE-2020-28009,CVE-2020-28010,CVE-2020-28011,CVE-2020-28012,CVE-2020-28013,CVE-2020-28014,CVE-2020-28015,CVE-2020-28016,CVE-2020-28017,CVE-2020-28018,CVE-2020-28019,CVE-2020-28020,CVE-2020-28021,CVE-2020-28022,CVE-2020-28023,CVE-2020-28024,CVE-2020-28025,CVE-2020-28026
JIRA References:
Sources used:
openSUSE Leap 15.2 (src): exim-4.94.2-lp152.8.3.1
openSUSE-SU-2021:0754-1: An update that fixes 26 vulnerabilities is now available.
Category: security (critical)
Bug References: 1079832,1171490,1171877,1173693,1185631
CVE References: CVE-2017-1000369,CVE-2017-16943,CVE-2017-16944,CVE-2018-6789,CVE-2019-16928,CVE-2020-12783,CVE-2020-28007,CVE-2020-28008,CVE-2020-28009,CVE-2020-28010,CVE-2020-28011,CVE-2020-28012,CVE-2020-28013,CVE-2020-28014,CVE-2020-28015,CVE-2020-28016,CVE-2020-28017,CVE-2020-28018,CVE-2020-28019,CVE-2020-28020,CVE-2020-28021,CVE-2020-28022,CVE-2020-28023,CVE-2020-28024,CVE-2020-28025,CVE-2020-28026
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP2 (src): exim-4.94.2-bp152.6.4.1, libspf2-1.2.10-bp152.5.1
openSUSE-SU-2021:0753-1: An update that fixes 30 vulnerabilities is now available.
Category: security (critical)
Bug References: 1079832,1136587,1142207,1154183,1160726,1171490,1171877,1173693,1185631
CVE References: CVE-2017-1000369,CVE-2017-16943,CVE-2017-16944,CVE-2018-6789,CVE-2019-10149,CVE-2019-13917,CVE-2019-15846,CVE-2019-16928,CVE-2020-12783,CVE-2020-28007,CVE-2020-28008,CVE-2020-28009,CVE-2020-28010,CVE-2020-28011,CVE-2020-28012,CVE-2020-28013,CVE-2020-28014,CVE-2020-28015,CVE-2020-28016,CVE-2020-28017,CVE-2020-28018,CVE-2020-28019,CVE-2020-28020,CVE-2020-28021,CVE-2020-28022,CVE-2020-28023,CVE-2020-28024,CVE-2020-28025,CVE-2020-28026,CVE-2020-8015
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP1 (src): exim-4.94.2-bp151.2.4.1, libspf2-1.2.10-bp151.4.1
This is an autogenerated message for OBS integration: This bug (1079832) was mentioned in https://build.opensuse.org/request/show/1187597 Backports:SLE-15-SP6 / exim