Overview Details Repositories Revisions Requests Users Attributes Meta
Security update for exim

This update for exim fixes the following issues:

Changes in exim:
- specify users with ref:mail, to make them dynamic. (boo#1046971)

- CVE-2017-1000369: Fixed memory leaks that could be
exploited to "stack crash" local privilege escalation (boo#1044692)
- Require user(mail) group(mail) to meet new users handling in TW.
- Prerequire permissions (fixes rpmlint).

- conditionally disable DANE on SuSE versions with OpenSSL < 1.0
- CVE-2016-1531: when installed setuid root, allows local users to gain privileges via the perl_startup
argument.
- CVE-2016-9963: DKIM information leakage (boo#1015930)

- Makefile tuning:
+ add sqlite support
+ disable WITH_OLD_DEMIME
+ enable AUTH_CYRUS_SASL
+ enable AUTH_TLS
+ enable SYSLOG_LONG_LINES
+ enable SUPPORT_PAM
+ MAX_NAMED_LIST=64
+ enable EXPERIMENTAL_DMARC
+ enable EXPERIMENTAL_EVENT
+ enable EXPERIMENTAL_PROXY
+ enable EXPERIMENTAL_CERTNAMES
+ enable EXPERIMENTAL_DSN
+ enable EXPERIMENTAL_DANE
+ enable EXPERIMENTAL_SOCKS
+ enable EXPERIMENTAL_INTERNATIONAL

Fixed bugs
bnc#1044692
VUL-0: CVE-2017-1000369: exim: Qualys new root/setuid privilege escalation method 05-2017
bnc#1015930
VUL-0: CVE-2016-9963: exim: Disclosure of private information
bnc#1046971
update to 20170701 breaks exim
CVE-2016-9963
CVE-2016-1531
CVE-2017-1000369
Selected Binaries
openSUSE Build Service is sponsored by
Places