2018-03-13
ALT-BU-2018-3126-1
Branch sisyphus update bulletin.
Package kernel-image-std-def updated to version 4.9.87-alt1 for branch sisyphus in task 201703.
Closed vulnerabilities
Published: 2011-12-12
Modified: 2023-11-07
Modified: 2023-11-07
CVE-2011-1161
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-1160, CVE-2011-1162. Reason: This candidate was withdrawn by its CNA. Further investigation showed that only two candidates, CVE-2011-1160 and CVE-2011-1162, were needed for the set of security issues in question. Notes: none
Published: 2018-06-12
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-5803
In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.
Severity: MEDIUM (4.9)
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Severity: MEDIUM (5.5)
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
- https://access.redhat.com/errata/RHSA-2018:1854
- https://access.redhat.com/errata/RHSA-2018:2948
- https://access.redhat.com/errata/RHSA-2018:3083
- https://access.redhat.com/errata/RHSA-2018:3096
- https://access.redhat.com/errata/RHSA-2019:0641
- https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.102
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.51
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.25
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.8
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.121
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.87
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c
- https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
- https://secuniaresearch.flexerasoftware.com/advisories/81331/
- https://secuniaresearch.flexerasoftware.com/secunia_research/2018-2/
- https://usn.ubuntu.com/3654-1/
- https://usn.ubuntu.com/3654-2/
- https://usn.ubuntu.com/3656-1/
- https://usn.ubuntu.com/3697-1/
- https://usn.ubuntu.com/3697-2/
- https://usn.ubuntu.com/3698-1/
- https://usn.ubuntu.com/3698-2/
- https://www.debian.org/security/2018/dsa-4187
- https://www.debian.org/security/2018/dsa-4188
- https://www.spinics.net/lists/linux-sctp/msg07036.html
- https://www.spinics.net/lists/netdev/msg482523.html
- https://access.redhat.com/errata/RHSA-2018:1854
- https://access.redhat.com/errata/RHSA-2018:2948
- https://access.redhat.com/errata/RHSA-2018:3083
- https://access.redhat.com/errata/RHSA-2018:3096
- https://access.redhat.com/errata/RHSA-2019:0641
- https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.102
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.51
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.25
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.8
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.121
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.87
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c
- https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
- https://secuniaresearch.flexerasoftware.com/advisories/81331/
- https://secuniaresearch.flexerasoftware.com/secunia_research/2018-2/
- https://usn.ubuntu.com/3654-1/
- https://usn.ubuntu.com/3654-2/
- https://usn.ubuntu.com/3656-1/
- https://usn.ubuntu.com/3697-1/
- https://usn.ubuntu.com/3697-2/
- https://usn.ubuntu.com/3698-1/
- https://usn.ubuntu.com/3698-2/
- https://www.debian.org/security/2018/dsa-4187
- https://www.debian.org/security/2018/dsa-4188
- https://www.spinics.net/lists/linux-sctp/msg07036.html
- https://www.spinics.net/lists/netdev/msg482523.html
Package kernel-image-un-def updated to version 4.14.26-alt1 for branch sisyphus in task 201704.
Closed vulnerabilities
Published: 2018-06-12
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-5803
In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.
Severity: MEDIUM (4.9)
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Severity: MEDIUM (5.5)
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
- https://access.redhat.com/errata/RHSA-2018:1854
- https://access.redhat.com/errata/RHSA-2018:2948
- https://access.redhat.com/errata/RHSA-2018:3083
- https://access.redhat.com/errata/RHSA-2018:3096
- https://access.redhat.com/errata/RHSA-2019:0641
- https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.102
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.51
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.25
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.8
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.121
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.87
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c
- https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
- https://secuniaresearch.flexerasoftware.com/advisories/81331/
- https://secuniaresearch.flexerasoftware.com/secunia_research/2018-2/
- https://usn.ubuntu.com/3654-1/
- https://usn.ubuntu.com/3654-2/
- https://usn.ubuntu.com/3656-1/
- https://usn.ubuntu.com/3697-1/
- https://usn.ubuntu.com/3697-2/
- https://usn.ubuntu.com/3698-1/
- https://usn.ubuntu.com/3698-2/
- https://www.debian.org/security/2018/dsa-4187
- https://www.debian.org/security/2018/dsa-4188
- https://www.spinics.net/lists/linux-sctp/msg07036.html
- https://www.spinics.net/lists/netdev/msg482523.html
- https://access.redhat.com/errata/RHSA-2018:1854
- https://access.redhat.com/errata/RHSA-2018:2948
- https://access.redhat.com/errata/RHSA-2018:3083
- https://access.redhat.com/errata/RHSA-2018:3096
- https://access.redhat.com/errata/RHSA-2019:0641
- https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.102
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.51
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.25
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.8
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.121
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.87
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c
- https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
- https://secuniaresearch.flexerasoftware.com/advisories/81331/
- https://secuniaresearch.flexerasoftware.com/secunia_research/2018-2/
- https://usn.ubuntu.com/3654-1/
- https://usn.ubuntu.com/3654-2/
- https://usn.ubuntu.com/3656-1/
- https://usn.ubuntu.com/3697-1/
- https://usn.ubuntu.com/3697-2/
- https://usn.ubuntu.com/3698-1/
- https://usn.ubuntu.com/3698-2/
- https://www.debian.org/security/2018/dsa-4187
- https://www.debian.org/security/2018/dsa-4188
- https://www.spinics.net/lists/linux-sctp/msg07036.html
- https://www.spinics.net/lists/netdev/msg482523.html
Closed vulnerabilities
Published: 2017-11-23
BDU:2018-00088
Уязвимость функции receive_msg (receive.c) SMTP-демона почтового сервера Exim операционной системы Debian GNU/Linux, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
Severity: CRITICAL (9.8)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2018-02-05
BDU:2018-00395
Уязвимость функции base64d компонента STMP listener почтового сервера Exim, позволяющая нарушителю выполнить произвольный код
Severity: CRITICAL (9.8)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2016-04-07
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2016-1531
Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.
Severity: MEDIUM (6.9)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Severity: HIGH (7.0)
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00026.html
- http://packetstormsecurity.com/files/136124/Exim-4.84-3-Local-Root-Privilege-Escalation.html
- http://www.debian.org/security/2016/dsa-3517
- http://www.exim.org/static/doc/CVE-2016-1531.txt
- http://www.rapid7.com/db/modules/exploit/unix/local/exim_perl_startup
- http://www.securitytracker.com/id/1035512
- http://www.ubuntu.com/usn/USN-2933-1
- https://www.exploit-db.com/exploits/39535/
- https://www.exploit-db.com/exploits/39549/
- https://www.exploit-db.com/exploits/39702/
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00026.html
- http://packetstormsecurity.com/files/136124/Exim-4.84-3-Local-Root-Privilege-Escalation.html
- http://www.debian.org/security/2016/dsa-3517
- http://www.exim.org/static/doc/CVE-2016-1531.txt
- http://www.rapid7.com/db/modules/exploit/unix/local/exim_perl_startup
- http://www.securitytracker.com/id/1035512
- http://www.ubuntu.com/usn/USN-2933-1
- https://www.exploit-db.com/exploits/39535/
- https://www.exploit-db.com/exploits/39549/
- https://www.exploit-db.com/exploits/39702/
Published: 2017-02-01
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-9963
Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.
Severity: LOW (2.6)
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
Severity: MEDIUM (5.9)
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
- http://www.debian.org/security/2016/dsa-3747
- http://www.exim.org/static/doc/CVE-2016-9963.txt
- http://www.securityfocus.com/bid/94947
- http://www.securitytracker.com/id/1037484
- http://www.ubuntu.com/usn/USN-3164-1
- https://bugs.exim.org/show_bug.cgi?id=1996
- http://www.debian.org/security/2016/dsa-3747
- http://www.exim.org/static/doc/CVE-2016-9963.txt
- http://www.securityfocus.com/bid/94947
- http://www.securitytracker.com/id/1037484
- http://www.ubuntu.com/usn/USN-3164-1
- https://bugs.exim.org/show_bug.cgi?id=1996
Published: 2017-06-19
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2017-1000369
Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time.
Severity: LOW (2.1)
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
Severity: MEDIUM (4.0)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
References:
- http://www.debian.org/security/2017/dsa-3888
- http://www.securityfocus.com/bid/99252
- http://www.securitytracker.com/id/1038779
- https://access.redhat.com/security/cve/CVE-2017-1000369
- https://github.com/Exim/exim/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21
- https://security.gentoo.org/glsa/201709-19
- https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
- http://www.debian.org/security/2017/dsa-3888
- http://www.securityfocus.com/bid/99252
- http://www.securitytracker.com/id/1038779
- https://access.redhat.com/security/cve/CVE-2017-1000369
- https://github.com/Exim/exim/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21
- https://security.gentoo.org/glsa/201709-19
- https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
Published: 2017-11-25
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2017-16943
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- http://openwall.com/lists/oss-security/2017/11/25/1
- http://openwall.com/lists/oss-security/2017/11/25/2
- http://openwall.com/lists/oss-security/2017/11/25/3
- http://www.openwall.com/lists/oss-security/2021/05/04/7
- http://www.securitytracker.com/id/1039872
- https://bugs.exim.org/show_bug.cgi?id=2199
- https://git.exim.org/exim.git/commit/4090d62a4b25782129cc1643596dc2f6e8f63bde
- https://git.exim.org/exim.git/commitdiff/4e6ae6235c68de243b1c2419027472d7659aa2b4
- https://github.com/LetUsFsck/PoC-Exploit-Mirror/tree/master/CVE-2017-16944
- https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
- https://www.debian.org/security/2017/dsa-4053
- http://openwall.com/lists/oss-security/2017/11/25/1
- http://openwall.com/lists/oss-security/2017/11/25/2
- http://openwall.com/lists/oss-security/2017/11/25/3
- http://www.openwall.com/lists/oss-security/2021/05/04/7
- http://www.securitytracker.com/id/1039872
- https://bugs.exim.org/show_bug.cgi?id=2199
- https://git.exim.org/exim.git/commit/4090d62a4b25782129cc1643596dc2f6e8f63bde
- https://git.exim.org/exim.git/commitdiff/4e6ae6235c68de243b1c2419027472d7659aa2b4
- https://github.com/LetUsFsck/PoC-Exploit-Mirror/tree/master/CVE-2017-16944
- https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
- https://www.debian.org/security/2017/dsa-4053
Published: 2017-11-25
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2017-16944
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function.
Severity: MEDIUM (5.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Severity: HIGH (7.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- http://openwall.com/lists/oss-security/2017/11/25/1
- http://openwall.com/lists/oss-security/2017/11/25/2
- http://openwall.com/lists/oss-security/2017/11/25/3
- http://www.openwall.com/lists/oss-security/2021/05/04/7
- http://www.securitytracker.com/id/1039873
- https://bugs.exim.org/show_bug.cgi?id=2201
- https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
- https://www.debian.org/security/2017/dsa-4053
- https://www.exploit-db.com/exploits/43184/
- http://openwall.com/lists/oss-security/2017/11/25/1
- http://openwall.com/lists/oss-security/2017/11/25/2
- http://openwall.com/lists/oss-security/2017/11/25/3
- http://www.openwall.com/lists/oss-security/2021/05/04/7
- http://www.securitytracker.com/id/1039873
- https://bugs.exim.org/show_bug.cgi?id=2201
- https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
- https://www.debian.org/security/2017/dsa-4053
- https://www.exploit-db.com/exploits/43184/
Published: 2018-02-08
Modified: 2025-03-14
Modified: 2025-03-14
CVE-2018-6789
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- http://openwall.com/lists/oss-security/2018/02/10/2
- http://packetstormsecurity.com/files/162959/Exim-base64d-Buffer-Overflow.html
- http://www.openwall.com/lists/oss-security/2018/02/07/2
- http://www.securityfocus.com/bid/103049
- http://www.securitytracker.com/id/1040461
- https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/
- https://exim.org/static/doc/security/CVE-2018-6789.txt
- https://git.exim.org/exim.git/commit/cf3cd306062a08969c41a1cdd32c6855f1abecf1
- https://lists.debian.org/debian-lts-announce/2018/02/msg00009.html
- https://usn.ubuntu.com/3565-1/
- https://www.debian.org/security/2018/dsa-4110
- https://www.exploit-db.com/exploits/44571/
- https://www.exploit-db.com/exploits/45671/
- http://openwall.com/lists/oss-security/2018/02/10/2
- http://packetstormsecurity.com/files/162959/Exim-base64d-Buffer-Overflow.html
- http://www.openwall.com/lists/oss-security/2018/02/07/2
- http://www.securityfocus.com/bid/103049
- http://www.securitytracker.com/id/1040461
- https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/
- https://exim.org/static/doc/security/CVE-2018-6789.txt
- https://git.exim.org/exim.git/commit/cf3cd306062a08969c41a1cdd32c6855f1abecf1
- https://lists.debian.org/debian-lts-announce/2018/02/msg00009.html
- https://usn.ubuntu.com/3565-1/
- https://www.debian.org/security/2018/dsa-4110
- https://www.exploit-db.com/exploits/44571/
- https://www.exploit-db.com/exploits/45671/