Date: Tue, 28 Nov 2017 22:43:59 +0100
From: Heiko Schlittermann <hs@...littermann.de>
To: oss-security@...ts.openwall.com
Subject: CVE-2017-16943 CVE-2017-16944 (Was:RCE in Exim reported)

Phil Pennock <oss-security-phil@...dhuis.org> (Sa 25 Nov 2017 04:59:12 CET):
> In Post-Thanksgiving mail-catchup, I see that the Exim Project was
> gifted with a couple of surprises in our public bugtracker on Thursday
> morning.  Complete with proof-of-concept small Python script.
> 
> I've requested CVEs, don't have them yet.
> 
> My mail to our announce list:
>   https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
…
> Public bugtracker links:
> 
>   https://bugs.exim.org/show_bug.cgi?id=2199
>   https://bugs.exim.org/show_bug.cgi?id=2201

Both issues are fixed now.

    CVE-2017-16943  (RCE)       Exim Bug 2199
        master:             4e6ae6235c68de243b1c2419027472d7659aa2b4
        exim-4_89+fixes:    4090d62a4b25782129cc1643596dc2f6e8f63bde
    Fix done by Jeremy Harris
        

    CVE-2017-16944  (DoS)       Exim Bug 2201
        master:             178ecb70987f024f0e775d87c2f8b2cf587dd542
        exim-4_89+fixes:    4804c62909a62a3ac12ec4777ebd48c541028965
    Fix done by me.


    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
