Summary: | <mail-mta/exim-4.94.2: multiple vulnerabilities (Nine inch mails) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thomas Deutschmann (RETIRED) <whissi> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | dan, grobian |
Priority: | Normal | Flags: | nattka: sanity-check- |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.qualys.com/2021/05/04/21nails/21nails.txt | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=743388 | ||
Whiteboard: | B1 [glsa+ cve] | ||
Package list: | mail-mta/exim-4.94.2 | ||
Runtime testing required: | --- |
Description
Thomas Deutschmann (RETIRED)
2021-04-29 18:44:36 UTC
Summary

Local vulnerabilities
- CVE-2020-28007: Link attack in Exim's log directory
- CVE-2020-28008: Assorted attacks in Exim's spool directory
- CVE-2020-28014: Arbitrary file creation and clobbering
- CVE-2021-27216: Arbitrary file deletion
- CVE-2020-28011: Heap buffer overflow in queue_run()
- CVE-2020-28010: Heap out-of-bounds write in main()
- CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
- CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase()
- CVE-2020-28015: New-line injection into spool header file (local)
- CVE-2020-28012: Missing close-on-exec flag for privileged pipe
- CVE-2020-28009: Integer overflow in get_stdinput()

Remote vulnerabilities
- CVE-2020-28017: Integer overflow in receive_add_recipient()
- CVE-2020-28020: Integer overflow in receive_msg()
- CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()
- CVE-2020-28021: New-line injection into spool header file (remote)
- CVE-2020-28022: Heap out-of-bounds read and write in extract_option()
- CVE-2020-28026: Line truncation and injection in spool_read_header()
- CVE-2020-28019: Failure to reset function pointer after BDAT error
- CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
- CVE-2020-28018: Use-after-free in tls-openssl.c
- CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()

Please bump.

Bumping (and dropping the PAM taint patch) worked for me. Seeing as this has remote exploit potential, do we want to go ahead without waiting for the maintainer?

no, please wait, a news item for Exim must be out of the door before I bump this, I'll break the 72-hour rule and do it now

(In reply to Tobias Klausmann from comment #3)
> Bumping (and dropping the PAM taint patch) worked for me. Seeing as this has
> remote exploit potential, do we want to go ahead without waiting for the
> maintainer?

Thanks for asking (genuinely, I’d rather have two people happy to do it than none).
Luckily, Fabian is around…

(In reply to Fabian Groffen from comment #4)
> no, please wait, a news item for Exim must be out of the door before I bump
> this, I'll break the 72-hour rule and do it now

Fantastic, go for it. I wish they’d not combined it with breaking changes…

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3ddfa885089b0c76a0c0c57a5fcebf42948203d4

commit 3ddfa885089b0c76a0c0c57a5fcebf42948203d4
Author: Fabian Groffen <grobian@gentoo.org>
AuthorDate: 2021-05-04 15:47:19 +0000
Commit: Fabian Groffen <grobian@gentoo.org>
CommitDate: 2021-05-04 15:47:19 +0000

    mail-mta/exim-4.94.2: version bump

    Bug: https://bugs.gentoo.org/786945
    Package-Manager: Portage-3.0.18, Repoman-3.0.2
    Signed-off-by: Fabian Groffen <grobian@gentoo.org>

 mail-mta/exim/Manifest | 2 +
 mail-mta/exim/exim-4.94.2.ebuild | 616 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 618 insertions(+)

arm done

ppc64 done

ppc done

x86 done

amd64 done

This issue was resolved and addressed in GLSA 202105-01 at https://security.gentoo.org/glsa/202105-01 by GLSA coordinator Thomas Deutschmann (whissi).

Re-opening for remaining architecture.

Unfortunately catbus is down right now, so Dakon may need to..

*** Bug 788223 has been marked as a duplicate of this bug. ***

sparc stable

Please cleanup.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=51ce2b02fc364a4a963c913edfc47084c3daa8ad

commit 51ce2b02fc364a4a963c913edfc47084c3daa8ad
Author: Fabian Groffen <grobian@gentoo.org>
AuthorDate: 2021-05-05 18:43:16 +0000
Commit: Fabian Groffen <grobian@gentoo.org>
CommitDate: 2021-05-05 18:43:26 +0000

    mail-mta/exim: cleanup

    Bug: https://bugs.gentoo.org/786945
    Package-Manager: Portage-3.0.18, Repoman-3.0.2
    Signed-off-by: Fabian Groffen <grobian@gentoo.org>

 mail-mta/exim/Manifest | 4 -
 mail-mta/exim/exim-4.93.0.4-r2.ebuild | 592 --------------------
 mail-mta/exim/exim-4.94-r2.ebuild | 593 --------------------
 mail-mta/exim/exim-4.94-r3.ebuild | 617 ---------------------
 mail-mta/exim/files/exim-4.20-maildir.patch | 14 -
 mail-mta/exim/files/exim-4.93-CVE-2020-12783.patch | 83 ---
 mail-mta/exim/files/exim-4.93-fno-common.patch | 16 -
 .../exim/files/exim-4.93-localscan_dlopen.patch | 269 ---------
 mail-mta/exim/files/exim-4.93-radius.patch | 66 ---
 .../exim/files/exim-4.94-taint-pam-expansion.patch | 35 --
 10 files changed, 2289 deletions(-)

Unable to check for sanity:

> no match for package: mail-mta/exim-4.94.2

Repository is clean, all done!