Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Maintenance:11026
exim.openSUSE_Leap_15.1_Update
CVE-2019-15846.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2019-15846.patch of Package exim.openSUSE_Leap_15.1_Update
Index: exim-4.88/doc/ChangeLog =================================================================== --- exim-4.88.orig/doc/ChangeLog +++ exim-4.88/doc/ChangeLog @@ -232,6 +232,7 @@ JH/18 Bug 1709: When built with TLS supp Packagers of Exim are strongly encouraged to create a server certificate at installation time. +HS/01 Handle trailing backslash gracefully. (CVE-2019-15846) HS/03 Add -bP config_file as a synonym for -bP configure_file, for consistency with the $config_file variable. Index: exim-4.88/doc/cve-2019-15846 =================================================================== --- /dev/null +++ exim-4.88/doc/cve-2019-15846 @@ -0,0 +1,45 @@ +CVE ID: CVE-2019-15846 +Date: 2019-09-02 (CVE assigned) +Credits: Zerons <sironhide0null@gmail.com> for the initial report + Qualys https://www.qualys.com/ for the analysis +Version(s): all versions up to and including 4.92.1 +Issue: A local or remote attacker can execute programs with root + privileges. + +Conditions to be vulnerable +=========================== + +If your Exim server accepts TLS connections, it is vulnerable. This does +not depend on the TLS libray, so both, GnuTLS and OpenSSL are affected. + +Details +======= + +The vulnerability is exploitable by sending a SNI ending in a +backslash-null sequence during the initial TLS handshake. The exploit +exists as a POC. For more details see the document qualys.mbx + +Mitigation +========== + +Do not offer TLS. (This mitigation is not recommended.) + +Fix +=== + +Download and build a fixed version: + + Tarballs: https://ftp.exim.org/pub/exim/exim4/ + Git: https://github.com/Exim/exim.git + - tag exim-4.92.2 + - branch exim-4.92.2+fixes + +The tagged commit is the officially released version. The +fixes branch +isn't officially maintained, but contains the security fix *and* useful +fixes. + +If you can't install the above versions, ask your package maintainer for +a version containing the backported fix. On request and depending on our +resources we will support you in backporting the fix. (Please note, +the Exim project officially doesn't support versions prior the current +stable version.) Index: exim-4.88/src/string.c =================================================================== --- exim-4.88.orig/src/string.c +++ exim-4.88/src/string.c @@ -220,6 +220,8 @@ interpreted in strings. Arguments: pp points a pointer to the initiating "\" in the string; the pointer gets updated to point to the final character + if the backslash is the last character in the string, it + is not interpreted. Returns: the value of the character escape */ @@ -232,6 +234,7 @@ const uschar *hex_digits= CUS"0123456789 int ch; const uschar *p = *pp; ch = *(++p); +if (ch == '\0') return **pp; if (isdigit(ch) && ch != '8' && ch != '9') { ch -= '0';
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor