CVE-2019-15846 exim4 execute programs with root privileges

Bug #1843041 reported by do3meli on 2019-09-06
This bug affects 1 person
Affects: exim4 (Ubuntu)
Importance: Undecided
Assigned to: Unassigned

Bug Description

CVE References

do3meli (d-info-e) on 2019-09-06
information type: Private Security → Public Security
Alex Murray (alexmurray) wrote :

This bug was fixed in the package exim4 - 4.92-4ubuntu1.3
----------------
exim4 (4.92-4ubuntu1.3) disco-security; urgency=medium

  * SECURITY UPDATE: remote command execution
    - debian/patches/CVE-2019-15846.patch: ensure not to interpret '\\'
      before '\0' in src/string.c
    - CVE-2019-15846

 -- Alex Murray <email address hidden> Thu, 05 Sep 2019 11:20:47 +0930

Changed in exim4 (Ubuntu):
status: New → Fix Released
Alex Murray (alexmurray) wrote :

This bug was fixed in the package exim4 - 4.90.1-1ubuntu1.4
----------------
exim4 (4.90.1-1ubuntu1.4) bionic-security; urgency=medium

  * SECURITY UPDATE: remote command execution
    - debian/patches/CVE-2019-15846.patch: ensure not to interpret '\\'
      before '\0' in src/string.c
    - CVE-2019-15846

 -- Alex Murray <email address hidden> Wed, 04 Sep 2019 21:14:01 +0930

Alex Murray (alexmurray) wrote :

This bug was fixed in the package exim4 - 4.86.2-2ubuntu2.5
----------------
exim4 (4.86.2-2ubuntu2.5) xenial-security; urgency=medium

  * SECURITY UPDATE: remote command execution
    - debian/patches/CVE-2019-15846.patch: ensure not to interpret '\\'
      before '\0' in src/string.c
    - CVE-2019-15846

 -- Alex Murray <email address hidden> Thu, 05 Sep 2019 11:19:50 +0930
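
The changelog entries above describe the fix as not interpreting '\\' before '\0'. The following is an added illustration, not Exim's code and not part of this bug report: a minimal C unescape loop showing what a trailing backslash does to the scan and what the guard changes. The names `interpret_escape` and `unescape`, the `guard_nul` switch and the sample buffer are hypothetical and constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: decode one escape. *pp points at the backslash on
   entry and at the last consumed byte on return. */
static int interpret_escape(const char **pp, int guard_nul)
{
    const char *p = *pp;
    int ch = (unsigned char)*(++p);
    if (guard_nul && ch == '\0')
        return '\\';             /* lone trailing backslash: keep it, do not advance */
    switch (ch) {
    case 'n': ch = '\n'; break;
    case 't': ch = '\t'; break;
    default: break;              /* any other byte stands for itself */
    }
    *pp = p;
    return ch;
}

/* Unescape src into dst and return how many source bytes the scan covered.
   A result larger than strlen(src) means the loop stepped over the terminator.
   Precondition for this demo: src[src_cap - 1] == '\0', so reads stay in bounds. */
size_t unescape(const char *src, size_t src_cap, char *dst, size_t dst_cap, int guard_nul)
{
    const char *p = src;
    size_t out = 0;
    while ((size_t)(p - src) < src_cap && *p != '\0' && out + 1 < dst_cap) {
        int c = (unsigned char)*p;
        if (c == '\\')
            c = interpret_escape(&p, guard_nul);
        dst[out++] = (char)c;
        p++;                     /* without the guard this skips the consumed '\0' */
    }
    dst[out] = '\0';
    return (size_t)(p - src);
}

int main(void)
{
    /* Constructed input: the string "ab\" followed by unrelated bytes. */
    char buf[16] = "ab\\\0SECRET";
    char out[32];
    printf("unguarded scanned %zu bytes\n", unescape(buf, sizeof buf, out, sizeof out, 0));
    printf("guarded scanned %zu bytes\n", unescape(buf, sizeof buf, out, sizeof out, 1));
    return 0;
}
```

With the guard off, the scan continues into the bytes stored after the terminator; with it on, the scan stops at the end of the string and the backslash is kept as a literal.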
