CVE-2017-1000369 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2017-1000369 Interim 1 18 2023-12-09T00:57:20Z current 2021-05-30T14:06:15Z 2023-12-09T00:57:20Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2017-1000369 Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CNHESI33OEYOGLVKELXFNQ5SRS5J3TQX/#CNHESI33OEYOGLVKELXFNQ5SRS5J3TQX E-Mail link for openSUSE-SU-2017:1625-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KIQKQNUAH5RAT3NKW2SJLHENHYNK7VV2/#KIQKQNUAH5RAT3NKW2SJLHENHYNK7VV2 E-Mail link for openSUSE-SU-2017:2289-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4UGIR4NXSH3ADTQNJZHHL5EVSFNXRGTQ/ E-Mail link for openSUSE-SU-2021:0677-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UMX36VOLIS2TDKA3MXOUO365NDUK5WQ3/ E-Mail link for openSUSE-SU-2021:0753-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3FZPX7R5ELKQM2EW7W2JYZ7EFIIDTT4E/ E-Mail link for openSUSE-SU-2021:0754-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 15 SP1 SUSE Package Hub 15 SP2 openSUSE Leap 15.2 openSUSE Tumbleweed exim-4.94.2-4.2 exim-4.94.2-bp151.2.4.1 exim-4.94.2-bp152.6.4.1 exim-4.94.2-lp152.8.3.1 eximon-4.94.2-4.2 eximon-4.94.2-bp151.2.4.1 eximon-4.94.2-bp152.6.4.1 eximon-4.94.2-lp152.8.3.1 eximstats-html-4.94.2-4.2 eximstats-html-4.94.2-bp151.2.4.1 eximstats-html-4.94.2-bp152.6.4.1 eximstats-html-4.94.2-lp152.8.3.1 libspf2-2-1.2.10-bp151.4.1 libspf2-2-1.2.10-bp152.5.1 libspf2-devel-1.2.10-bp151.4.1 libspf2-devel-1.2.10-bp152.5.1 libspf2-tools-1.2.10-bp151.4.1 libspf2-tools-1.2.10-bp152.5.1 exim-4.94.2-bp151.2.4.1 as a component of SUSE Package Hub 15 SP1 eximon-4.94.2-bp151.2.4.1 as a component of SUSE Package Hub 15 SP1 eximstats-html-4.94.2-bp151.2.4.1 as a component of SUSE Package Hub 15 SP1 libspf2-2-1.2.10-bp151.4.1 as a component of SUSE Package Hub 15 SP1 libspf2-devel-1.2.10-bp151.4.1 as a component of SUSE Package Hub 15 SP1 libspf2-tools-1.2.10-bp151.4.1 as a component of SUSE Package Hub 15 SP1 exim-4.94.2-bp152.6.4.1 as a component of SUSE Package Hub 15 SP2 eximon-4.94.2-bp152.6.4.1 as a component of SUSE Package Hub 15 SP2 eximstats-html-4.94.2-bp152.6.4.1 as a component of SUSE Package Hub 15 SP2 libspf2-2-1.2.10-bp152.5.1 as a component of SUSE Package Hub 15 SP2 libspf2-devel-1.2.10-bp152.5.1 as a component of SUSE Package Hub 15 SP2 libspf2-tools-1.2.10-bp152.5.1 as a component of SUSE Package Hub 15 SP2 exim-4.94.2-lp152.8.3.1 as a component of openSUSE Leap 15.2 eximon-4.94.2-lp152.8.3.1 as a component of openSUSE Leap 15.2 eximstats-html-4.94.2-lp152.8.3.1 as a component of openSUSE Leap 15.2 exim-4.94.2-4.2 as a component of openSUSE Tumbleweed eximon-4.94.2-4.2 as a component of openSUSE Tumbleweed eximstats-html-4.94.2-4.2 as a component of openSUSE Tumbleweed Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time. CVE-2017-1000369 SUSE Package Hub 15 SP1:exim-4.94.2-bp151.2.4.1 SUSE Package Hub 15 SP1:eximon-4.94.2-bp151.2.4.1 SUSE Package Hub 15 SP1:eximstats-html-4.94.2-bp151.2.4.1 SUSE Package Hub 15 SP1:libspf2-2-1.2.10-bp151.4.1 SUSE Package Hub 15 SP1:libspf2-devel-1.2.10-bp151.4.1 SUSE Package Hub 15 SP1:libspf2-tools-1.2.10-bp151.4.1 SUSE Package Hub 15 SP2:exim-4.94.2-bp152.6.4.1 SUSE Package Hub 15 SP2:eximon-4.94.2-bp152.6.4.1 SUSE Package Hub 15 SP2:eximstats-html-4.94.2-bp152.6.4.1 SUSE Package Hub 15 SP2:libspf2-2-1.2.10-bp152.5.1 SUSE Package Hub 15 SP2:libspf2-devel-1.2.10-bp152.5.1 SUSE Package Hub 15 SP2:libspf2-tools-1.2.10-bp152.5.1 openSUSE Leap 15.2:exim-4.94.2-lp152.8.3.1 openSUSE Leap 15.2:eximon-4.94.2-lp152.8.3.1 openSUSE Leap 15.2:eximstats-html-4.94.2-lp152.8.3.1 openSUSE Tumbleweed:exim-4.94.2-4.2 openSUSE Tumbleweed:eximon-4.94.2-4.2 openSUSE Tumbleweed:eximstats-html-4.94.2-4.2 low 2.1 AV:L/AC:L/Au:N/C:N/I:P/A:N 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N