See http://exim.org/static/doc/security/CVE-2018-6789.txt http://seclists.org/oss-sec/2018/q1/133 "There is a buffer overflow in base64d(), if some pre-conditions are met. Using a handcrafted message, remote code execution seems to be possible." exim 4.90.1 contains the fix.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c39f04f7b599211e948c4fc1546e7b30ca2e7f00 commit c39f04f7b599211e948c4fc1546e7b30ca2e7f00 Author: Fabian Groffen <grobian@gentoo.org> AuthorDate: 2018-02-11 07:59:36 +0000 Commit: Fabian Groffen <grobian@gentoo.org> CommitDate: 2018-02-11 07:59:36 +0000 mail-mta/exim: version bump, bug #647240 Bug: https://bugs.gentoo.org/647240 Package-Manager: Portage-2.3.19, Repoman-2.3.6 mail-mta/exim/Manifest | 2 + mail-mta/exim/exim-4.90.1.ebuild | 528 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 530 insertions(+)}
@ Arches, please test and mark stable: =mail-mta/exim-4.90.1
An automated check of this bug failed - repoman reported dependency errors: > dependency.bad mail-mta/exim/exim-4.90.1.ebuild: DEPEND: arm(default/linux/arm/13.0) ['>=mail-filter/libspf2-1.2.5-r1', 'mail-filter/opendmarc', 'mail-filter/libsrs_alt', 'net-dialup/freeradius-client'] > dependency.bad mail-mta/exim/exim-4.90.1.ebuild: RDEPEND: arm(default/linux/arm/13.0) ['>=mail-filter/libspf2-1.2.5-r1', 'mail-filter/opendmarc', 'mail-filter/libsrs_alt', 'net-dialup/freeradius-client', 'mail-filter/dcc']
x86 stable
ia64 stable
commit 4a7594f1853dca9d6f784f99eb2e7d8608fb9755 Author: Rolf Eike Beer <eike@sf-mail.de> Date: Tue Feb 20 09:03:35 2018 +0100 mail-mta/exim: stable 4.90.1 for sparc, bug #647240
Please stabilize. Exploits are in the wild. https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/
Added to an existing GLSA.
An automated check of this bug failed - repoman reported dependency errors (24 lines truncated): > dependency.bad mail-filter/opendmarc/opendmarc-1.3.2-r1.ebuild: RDEPEND: arm(default/linux/arm/13.0) ['dev-perl/Switch'] > dependency.badindev mail-filter/opendmarc/opendmarc-1.3.2-r1.ebuild: RDEPEND: arm(default/linux/arm/13.0/armv4) ['dev-perl/Switch'] > dependency.badindev mail-filter/opendmarc/opendmarc-1.3.2-r1.ebuild: RDEPEND: arm(default/linux/arm/13.0/armv4/desktop) ['dev-perl/Switch']
This issue was resolved and addressed in GLSA 201803-01 at https://security.gentoo.org/glsa/201803-01 by GLSA coordinator Thomas Deutschmann (whissi).
Re-opening for remaining architectures.
Stable on alpha.
amd64 stable
arm stable
ppc64 stable
ppc stable
hppa stable
@maintainer(s), please drop the vulnerable versions.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fea8855f8ace5d7818d73201a09b94342aedb1fb commit fea8855f8ace5d7818d73201a09b94342aedb1fb Author: Fabian Groffen <grobian@gentoo.org> AuthorDate: 2018-04-23 08:46:47 +0000 Commit: Fabian Groffen <grobian@gentoo.org> CommitDate: 2018-04-23 08:46:47 +0000 mail-mta/exim: drop vulnerable versions, bug #647240 Bug: https://bugs.gentoo.org/647240 Package-Manager: Portage-2.3.24, Repoman-2.3.6 mail-mta/exim/Manifest | 6 - mail-mta/exim/exim-4.89-r5.ebuild | 533 -------------------------------------- mail-mta/exim/exim-4.89.1.ebuild | 530 ------------------------------------- mail-mta/exim/exim-4.90.ebuild | 528 ------------------------------------- 4 files changed, 1597 deletions(-)}
Thank you!