CVE-2019-15846 exim4 execute programs with root privileges

Bug #1843041 reported by do3meli
Affects: exim4 (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned

Bug Description

CVE References

do3meli (d-info-e)
information type: Private Security → Public Security
Alex Murray (alexmurray) wrote :

This bug was fixed in the package exim4 - 4.92-4ubuntu1.3
----------------
exim4 (4.92-4ubuntu1.3) disco-security; urgency=medium

  * SECURITY UPDATE: remote command execution
    - debian/patches/CVE-2019-15846.patch: ensure not to interpret '\\'
      before '\0' in src/string.c
    - CVE-2019-15846

 -- Alex Murray <email address hidden> Thu, 05 Sep 2019 11:20:47 +0930

Changed in exim4 (Ubuntu):
status: New → Fix Released
Alex Murray (alexmurray) wrote :

This bug was fixed in the package exim4 - 4.90.1-1ubuntu1.4
----------------
exim4 (4.90.1-1ubuntu1.4) bionic-security; urgency=medium

  * SECURITY UPDATE: remote command execution
    - debian/patches/CVE-2019-15846.patch: ensure not to interpret '\\'
      before '\0' in src/string.c
    - CVE-2019-15846

 -- Alex Murray <email address hidden> Wed, 04 Sep 2019 21:14:01 +0930

Alex Murray (alexmurray) wrote :

This bug was fixed in the package exim4 - 4.86.2-2ubuntu2.5
----------------
exim4 (4.86.2-2ubuntu2.5) xenial-security; urgency=medium

  * SECURITY UPDATE: remote command execution
    - debian/patches/CVE-2019-15846.patch: ensure not to interpret '\\'
      before '\0' in src/string.c
    - CVE-2019-15846

 -- Alex Murray <email address hidden> Thu, 05 Sep 2019 11:19:50 +0930
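The changelog entries above describe the fix as not interpreting '\\' before '\0'. The following is an added example, not Exim's src/string.c and not part of the original report: a hypothetical escape decoder (`decode_escapes`, sample strings constructed) that applies the same guard, so a trailing backslash never causes the scan to step over the string terminator.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Exim code. Decodes backslash escapes from src
   into dst (capacity dstlen, including the NUL). Returns the decoded length,
   or -1 if dst is too small. */
static int decode_escapes(const char *src, char *dst, size_t dstlen)
{
    size_t n = 0;
    if (dstlen == 0) return -1;
    while (*src != '\0') {
        char c = *src++;
        if (c == '\\') {
            if (*src == '\0') {
                /* Guard: a backslash directly before the terminator is kept
                   as a literal. Without this check the decoder would consume
                   the NUL as the escaped character and keep reading past the
                   end of the string. */
                c = '\\';
            } else {
                char e = *src++;
                switch (e) {
                case 'n': c = '\n'; break;
                case 't': c = '\t'; break;
                case 'r': c = '\r'; break;
                default:  c = e;    break; /* e.g. "\\" decodes to one '\' */
                }
            }
        }
        if (n + 1 >= dstlen) return -1;    /* always leave room for the NUL */
        dst[n++] = c;
    }
    dst[n] = '\0';
    return (int)n;
}

int main(void)
{
    /* Constructed sample inputs; the last one ends in a lone backslash. */
    const char *samples[] = { "a\\tb", "path\\\\x", "trailing\\" };
    char out[32];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int len = decode_escapes(samples[i], out, sizeof out);
        printf("input length %zu -> decoded length %d\n",
               strlen(samples[i]), len);
    }
    return 0;
}
```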
