Bug ID 1079832
Summary VUL-0: CVE-2018-6789: exim: Buffer overflow in a utility function
Classification openSUSE
Product openSUSE Distribution
Version Leap 42.3
Hardware Other
URL https://smash.suse.de/issue/199626/
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee security-team@suse.de
Reporter jsegitz@suse.com
QA Contact security-team@suse.de
Found By Security Response Team
Blocker ---

Heiko Schlittermann:
CVE-2018-6789 Exim 4.90 and earlier
===================================

There is a buffer overflow in a utility function, if some pre-conditions
are met.  Using a handcrafted message, remote code execution seems to be
possible.

A patch exists already and is being tested.

Currently we're unsure about the severity; we *believe* an exploit
is difficult. A mitigation isn't known.

Next steps:

* t0:     Distros will get access to our "security" non-public git repo
          (based on the SSH keys known to us)
* t0 +7d: Patch will be published on the official public git repo

t0 will be around 2018-02-08.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6789
http://seclists.org/oss-sec/2018/q1/133
https://exim.org/security/CVE-2018-6789.txt