Summary: | <mail-mta/exim-4.90.1: buffer overflow in base64d function (CVE-2018-6789) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | critical | CC: | ap, grobian, net-mail+disabled |
Priority: | High | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://exim.org/static/doc/security/CVE-2018-6789.txt | ||
Whiteboard: | A1 [glsa+ cve] | ||
Package list: | mail-mta/exim-4.90.1; mail-filter/libspf2-1.2.10 arm; mail-filter/opendmarc-1.3.2-r1 arm; mail-filter/libsrs_alt-1.0 arm; net-dialup/freeradius-client-1.1.7 arm; mail-filter/dcc-1.3.158 arm; dev-perl/Switch-2.170.0 arm | ||
Runtime testing required: | --- |
Description
Hanno Böck
2018-02-10 18:32:14 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c39f04f7b599211e948c4fc1546e7b30ca2e7f00

commit c39f04f7b599211e948c4fc1546e7b30ca2e7f00
Author: Fabian Groffen <grobian@gentoo.org>
AuthorDate: 2018-02-11 07:59:36 +0000
Commit: Fabian Groffen <grobian@gentoo.org>
CommitDate: 2018-02-11 07:59:36 +0000

mail-mta/exim: version bump, bug #647240

Bug: https://bugs.gentoo.org/647240
Package-Manager: Portage-2.3.19, Repoman-2.3.6

mail-mta/exim/Manifest | 2 +
mail-mta/exim/exim-4.90.1.ebuild | 528 +++++++++++++++++++++++++++++++++++++++
2 files changed, 530 insertions(+)

@Arches, please test and mark stable:
=mail-mta/exim-4.90.1

An automated check of this bug failed - repoman reported dependency errors:
> dependency.bad mail-mta/exim/exim-4.90.1.ebuild: DEPEND: arm(default/linux/arm/13.0) ['>=mail-filter/libspf2-1.2.5-r1', 'mail-filter/opendmarc', 'mail-filter/libsrs_alt', 'net-dialup/freeradius-client']
> dependency.bad mail-mta/exim/exim-4.90.1.ebuild: RDEPEND: arm(default/linux/arm/13.0) ['>=mail-filter/libspf2-1.2.5-r1', 'mail-filter/opendmarc', 'mail-filter/libsrs_alt', 'net-dialup/freeradius-client', 'mail-filter/dcc']

x86 stable

An automated check of this bug failed - repoman reported dependency errors:
> dependency.bad mail-mta/exim/exim-4.90.1.ebuild: DEPEND: arm(default/linux/arm/13.0) ['>=mail-filter/libspf2-1.2.5-r1', 'mail-filter/opendmarc', 'mail-filter/libsrs_alt', 'net-dialup/freeradius-client']
> dependency.bad mail-mta/exim/exim-4.90.1.ebuild: RDEPEND: arm(default/linux/arm/13.0) ['>=mail-filter/libspf2-1.2.5-r1', 'mail-filter/opendmarc', 'mail-filter/libsrs_alt', 'net-dialup/freeradius-client', 'mail-filter/dcc']

ia64 stable

An automated check of this bug failed - repoman reported dependency errors:
> dependency.bad mail-mta/exim/exim-4.90.1.ebuild: DEPEND: arm(default/linux/arm/13.0) ['>=mail-filter/libspf2-1.2.5-r1', 'mail-filter/opendmarc', 'mail-filter/libsrs_alt', 'net-dialup/freeradius-client']
> dependency.bad mail-mta/exim/exim-4.90.1.ebuild: RDEPEND: arm(default/linux/arm/13.0) ['>=mail-filter/libspf2-1.2.5-r1', 'mail-filter/opendmarc', 'mail-filter/libsrs_alt', 'net-dialup/freeradius-client', 'mail-filter/dcc']

commit 4a7594f1853dca9d6f784f99eb2e7d8608fb9755
Author: Rolf Eike Beer <eike@sf-mail.de>
Date: Tue Feb 20 09:03:35 2018 +0100

mail-mta/exim: stable 4.90.1 for sparc, bug #647240

Please stabilize. Exploits are in the wild.
https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/

Added to an existing GLSA.

An automated check of this bug failed - repoman reported dependency errors (24 lines truncated):
> dependency.bad mail-filter/opendmarc/opendmarc-1.3.2-r1.ebuild: RDEPEND: arm(default/linux/arm/13.0) ['dev-perl/Switch']
> dependency.badindev mail-filter/opendmarc/opendmarc-1.3.2-r1.ebuild: RDEPEND: arm(default/linux/arm/13.0/armv4) ['dev-perl/Switch']
> dependency.badindev mail-filter/opendmarc/opendmarc-1.3.2-r1.ebuild: RDEPEND: arm(default/linux/arm/13.0/armv4/desktop) ['dev-perl/Switch']

This issue was resolved and addressed in GLSA 201803-01 at https://security.gentoo.org/glsa/201803-01 by GLSA coordinator Thomas Deutschmann (whissi).

Re-opening for remaining architectures.

Stable on alpha.

amd64 stable

arm stable

ppc64 stable

ppc stable

hppa stable

@maintainer(s), please drop the vulnerable versions.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fea8855f8ace5d7818d73201a09b94342aedb1fb

commit fea8855f8ace5d7818d73201a09b94342aedb1fb
Author: Fabian Groffen <grobian@gentoo.org>
AuthorDate: 2018-04-23 08:46:47 +0000
Commit: Fabian Groffen <grobian@gentoo.org>
CommitDate: 2018-04-23 08:46:47 +0000

mail-mta/exim: drop vulnerable versions, bug #647240

Bug: https://bugs.gentoo.org/647240
Package-Manager: Portage-2.3.24, Repoman-2.3.6

mail-mta/exim/Manifest | 6 -
mail-mta/exim/exim-4.89-r5.ebuild | 533 --------------------------------------
mail-mta/exim/exim-4.89.1.ebuild | 530 -------------------------------------
mail-mta/exim/exim-4.90.ebuild | 528 -------------------------------------
4 files changed, 1597 deletions(-)

Thank you!