Bug 1749761

Summary: CVE-2019-15846 exim: out-of-bounds access in string_interpret_escape() leading to buffer overflow in the SMTP delivery process [fedora-all]
Product: [Fedora] Fedora
Reporter: customercare
Component: exim
Assignee: Jaroslav Škarvada <jskarvad>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent
Docs Contact:
Priority: urgent
Version: rawhide
CC: bennie.joubert, dwmw2, jskarvad, tremble
Target Milestone: ---
Keywords: Security, SecurityTracking
Target Release: ---
Hardware: All
OS: All
Whiteboard:
Fixed In Version: exim-4.92.2-1.fc30 exim-4.92.2-1.fc29 exim-4.92.2-1.fc31
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2019-09-08 02:59:14 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 1748397

Description customercare 2019-09-06 11:46:58 UTC
Description of problem:

Root-Exploit in Exim Mailserver. 

Version-Release number of selected component (if applicable):

<= 4.92.1

How reproducible:

Sending a specially crafted SNI domain name as part of TLS.


Source:  EXIM-DEVS

2019/09/06 #1: Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. (Heiko Schlittermann <hs@...marc.schlittermann.de>)

Comment 1 Fedora Update System 2019-09-06 15:47:28 UTC
FEDORA-2019-1ed7bbb09c has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2019-1ed7bbb09c

Comment 2 Fedora Update System 2019-09-06 15:48:26 UTC
FEDORA-2019-467fcbb10a has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-467fcbb10a

Comment 3 Fedora Update System 2019-09-06 15:59:28 UTC
FEDORA-2019-ae361e20c2 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-ae361e20c2

Comment 4 Jaroslav Škarvada 2019-09-06 16:04:34 UTC
I think it's resolved, dropping needinfo.

Comment 5 Fedora Update System 2019-09-08 02:59:14 UTC
exim-4.92.2-1.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2019-09-08 03:09:11 UTC
exim-4.92.2-1.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2019-09-14 00:10:21 UTC
exim-4.92.2-1.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2019-09-14 16:33:50 UTC
exim-4.92.2-1.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.