Bug 1749761 - CVE-2019-15846 exim: out-of-bounds access in string_interpret_escape() leading to buffer overflow in the SMTP delivery process [fedora-all]
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: exim
Version: rawhide
Hardware: All
OS: All
Priority: urgent
Severity: urgent
Target Milestone: ---
Assignee: Jaroslav Škarvada
QA Contact: Fedora Extras Quality Assurance
Blocks: CVE-2019-15846
Reported: 2019-09-06 11:46 UTC by customercare
Modified: 2019-09-14 16:33 UTC

Fixed In Version: exim-4.92.2-1.fc30 exim-4.92.2-1.fc29 exim-4.92.2-1.fc31
Last Closed: 2019-09-08 02:59:14 UTC
Type: Bug

Description customercare 2019-09-06 11:46:58 UTC
Description of problem:

Root-Exploit in Exim Mailserver. 

Version-Release number of selected component (if applicable):

<= 4.92.1

How reproducible:

Sending a specially crafted SNI domain name as part of TLS.


Source:  EXIM-DEVS

2019/09/06 #1: Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. (Heiko Schlittermann <hs@...marc.schlittermann.de>)

Comment 1 Fedora Update System 2019-09-06 15:47:28 UTC
FEDORA-2019-1ed7bbb09c has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2019-1ed7bbb09c

Comment 2 Fedora Update System 2019-09-06 15:48:26 UTC
FEDORA-2019-467fcbb10a has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-467fcbb10a

Comment 3 Fedora Update System 2019-09-06 15:59:28 UTC
FEDORA-2019-ae361e20c2 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-ae361e20c2

Comment 4 Jaroslav Škarvada 2019-09-06 16:04:34 UTC
I think it's resolved, dropping needinfo.

Comment 5 Fedora Update System 2019-09-08 02:59:14 UTC
exim-4.92.2-1.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2019-09-08 03:09:11 UTC
exim-4.92.2-1.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2019-09-14 00:10:21 UTC
exim-4.92.2-1.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2019-09-14 16:33:50 UTC
exim-4.92.2-1.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.

