http://bugzilla.opensuse.org/show_bug.cgi?id=1079832 Bug ID: 1079832 Summary: VUL-0: CVE-2018-6789: exim: Buffer overflow in an utility function Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other URL: https://smash.suse.de/issue/199626/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: jsegitz@suse.com QA Contact: security-team@suse.de Found By: Security Response Team Blocker: --- Heiko Schlittermann: CVE-2018-6789 Exim 4.90 and earlier =================================== There is a buffer overflow in an utility function, if some pre-conditions are met. Using a handcrafted message, remote code execution seems to be possible. A patch exists already and is being tested. Currently we're unsure about the severity, we *believe*, an exploit is difficult. A mitigation isn't known. Next steps: * t0: Distros will get access to our "security" non-public git repo (based on the SSH keys known to us) * t0 +7d: Patch will be published on the official public git repo t0 will be around 2018-02-08. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6789 http://seclists.org/oss-sec/2018/q1/133 https://exim.org/security/CVE-2018-6789.txt -- You are receiving this mail because: You are on the CC list for the bug.