Test ID: 1.3.6.1.4.1.25623.1.0.833631
Category: openSUSE Local Security Checks
Title: openSUSE Security Advisory (openSUSE-SU-2024:0007-1)
Summary: The remote host is missing an update for the 'exim' package(s) announced via the openSUSE-SU-2024:0007-1 advisory.

Description:

Vulnerability Insight: This update for exim fixes the following issues:

exim was updated to 4.97.1 (boo#1218387, CVE-2023-51766):
* Fixes for the SMTP protocol smuggling (CVE-2023-51766)

exim was updated to 4.96:
* Move from using the pcre library to pcre2.
* Constification work in the filters module required a major version bump for the local-scan API. Specifically, the 'headers_charset' global, which is visible via the API, is now const and may therefore not be modified by local-scan code.
* Bug 2819: Speed up command-line messages being read in. Previously a time check was being done for every character; replace that with one per buffer.
* Bug 2815: Fix ALPN sent by server under OpenSSL. Previously the string sent was prefixed with a length byte.
* Change the SMTP feature name for pipelining connect to be compliant with RFC 5321. Previously Dovecot (at least) would log errors during submission.
* Fix macro definition during '-be' expansion testing. The move to write-protected store for macros had not accounted for these runtime additions; fix by removing this protection for '-be' mode.
* Convert all uses of select() to poll().
* Fix use of $sender_host_name in the daemon process. When used in certain main-section options or in a connect ACL, the value from the first ever connection was never replaced for subsequent connections.
* Bug 2838: Fix for i32lp64 hard-align platforms.
* Bug 2845: Fix handling of tls_require_ciphers for OpenSSL when a value with underbars is given.
* Bug 1895: TLS: Deprecate RFC 5114 Diffie-Hellman parameters.
* Debugging initiated by an ACL control now continues through into routing and transport processes.
* The 'expand' debug selector now gives more detail, specifically on the result of expansion operators and items.
* Bug 2751: Fix include_directory in redirect routers. Previously a bad comparison between the option value and the name of the file to be included was done, and a mismatch was wrongly identified.
* Support for Berkeley DB versions 1 and 2 is withdrawn.
* When built with NDBM for hints DBs, check for nonexistence of a name supplied as the db file-pair basename.
* Remove the 'allow_insecure_tainted_data' main config option and the 'taint' log_selector.
* Fix static address-list lookups to properly return the matched item. Previously only the domain part was returned.
* The ${run} expansion item now expands its command string elements after splitting. Previously it was before; the new ordering makes handling zero-length arguments simpler.
* Taint-check exec arguments for transport-initiated external processes. Previously, tainted values could be used. This affects the 'pipe', 'lmtp' and 'queryprogram' transports, transport filters, and ETRN commands. The ${run} expansion is also affected: in 'preexpand' mode no part of the command line may be tainted; in default mode the executable name may not be tainted.
* ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS: 'exim' package(s) on openSUSE Leap 15.5.
Solution: Please install the updated package(s).
CVSS Score: 7.8
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Cross-References:

Common Vulnerability Exposure (CVE) ID: CVE-2022-3559
* https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WFHLZVHNNO2GWYP5EA4TZQZ5O4GVPARR/
* https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIH4W5R7SHTUEQFWWKB4TUO5YFZX64KV/
* https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMQ6OCKPNPBPSD37YR4FOWV2R54M2UEP/
* https://bugs.exim.org/show_bug.cgi?id=2915
* https://git.exim.org/exim.git/commit/4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2
* https://vuldb.com/?id.211073

Common Vulnerability Exposure (CVE) ID: CVE-2023-42114
* ZDI-23-1468: https://www.zerodayinitiative.com/advisories/ZDI-23-1468/

Common Vulnerability Exposure (CVE) ID: CVE-2023-42115
* ZDI-23-1469: https://www.zerodayinitiative.com/advisories/ZDI-23-1469/

Common Vulnerability Exposure (CVE) ID: CVE-2023-42116
* ZDI-23-1470: https://www.zerodayinitiative.com/advisories/ZDI-23-1470/

Common Vulnerability Exposure (CVE) ID: CVE-2023-42117
* ZDI-23-1471: https://www.zerodayinitiative.com/advisories/ZDI-23-1471/

Common Vulnerability Exposure (CVE) ID: CVE-2023-42119
* ZDI-23-1473: https://www.zerodayinitiative.com/advisories/ZDI-23-1473/

Common Vulnerability Exposure (CVE) ID: CVE-2023-51766
* https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPDWHJPABVJCXDSNELSSVTIVAJU2MDUQ/
* https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORN7OKEQPPBKUHYRQ6LR5PSNBQVDHAWB/
* https://bugs.exim.org/show_bug.cgi?id=3063
* https://bugzilla.redhat.com/show_bug.cgi?id=2255852
* https://exim.org/static/doc/security/CVE-2023-51766.txt
* https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11782.html
* https://git.exim.org/exim.git/commit/5bb786d5ad568a88d50d15452aacc8404047e5ca
* https://git.exim.org/exim.git/commit/cf1376206284f2a4f11e32d931d4aade34c206c5
* https://lwn.net/Articles/956533/
* https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
* https://www.openwall.com/lists/oss-security/2023/12/23/2
* https://www.youtube.com/watch?v=V8KPV96g1To
* https://lists.debian.org/debian-lts-announce/2024/01/msg00002.html
* http://www.openwall.com/lists/oss-security/2023/12/24/1
* http://www.openwall.com/lists/oss-security/2023/12/25/1
* http://www.openwall.com/lists/oss-security/2023/12/29/2
* http://www.openwall.com/lists/oss-security/2024/01/01/1
* http://www.openwall.com/lists/oss-security/2024/01/01/2
* http://www.openwall.com/lists/oss-security/2024/01/01/3
Copyright: Copyright (C) 2024 Greenbone AG