{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"High" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"exim security update", "category":"general", "title":"Synopsis" }, { "text":"An update for exim is now available for openEuler-22.03-LTS-SP3.", "category":"general", "title":"Summary" }, { "text":"Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of flexibility in the way mail can be routed, and there are extensive facilities for checking incoming mail. Exim can be installed in place of sendmail, although the configuration of exim is quite different to that of sendmail.\n\nSecurity Fix(es):\n\nA vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a patch to fix this issue. The identifier VDB-211073 was assigned to this vulnerability.(CVE-2022-3559)\n\nExim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports . but some other popular e-mail servers do not.(CVE-2023-51766)", "category":"general", "title":"Description" }, { "text":"An update for exim is now available for openEuler-22.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"High", "category":"general", "title":"Severity" }, { "text":"exim", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2024-1926", "category":"self", "url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1926" }, { "summary":"CVE-2022-3559", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-3559&packageName=exim" }, { "summary":"CVE-2023-51766", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-51766&packageName=exim" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3559" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-51766" }, { "summary":"openEuler-SA-2024-1926 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1926.json" } ], "title":"An update for exim is now available for openEuler-22.03-LTS-SP3", "tracking":{ "initial_release_date":"2024-08-02T19:42:00+08:00", "revision_history":[ { "date":"2024-08-02T19:42:00+08:00", "summary":"Initial", "number":"1.0.0" }, { "date":"2024-08-05T11:31:00+08:00", "summary":"final", "number":"2.0.0" } ], "generator":{ "date":"2024-08-05T11:31:00+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2024-08-05T11:31:00+08:00", "id":"openEuler-SA-2024-1926", "version":"2.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"openEuler-22.03-LTS-SP3", "name":"openEuler-22.03-LTS-SP3" }, "name":"openEuler-22.03-LTS-SP3", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"exim-debuginfo-4.96-3.oe2203sp3.aarch64.rpm", "name":"exim-debuginfo-4.96-3.oe2203sp3.aarch64.rpm" }, "name":"exim-debuginfo-4.96-3.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"exim-greylist-4.96-3.oe2203sp3.aarch64.rpm", "name":"exim-greylist-4.96-3.oe2203sp3.aarch64.rpm" }, "name":"exim-greylist-4.96-3.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"exim-mysql-4.96-3.oe2203sp3.aarch64.rpm", "name":"exim-mysql-4.96-3.oe2203sp3.aarch64.rpm" }, "name":"exim-mysql-4.96-3.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"exim-clamav-4.96-3.oe2203sp3.aarch64.rpm", "name":"exim-clamav-4.96-3.oe2203sp3.aarch64.rpm" }, "name":"exim-clamav-4.96-3.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"exim-debugsource-4.96-3.oe2203sp3.aarch64.rpm", "name":"exim-debugsource-4.96-3.oe2203sp3.aarch64.rpm" }, "name":"exim-debugsource-4.96-3.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"exim-4.96-3.oe2203sp3.aarch64.rpm", "name":"exim-4.96-3.oe2203sp3.aarch64.rpm" }, "name":"exim-4.96-3.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"exim-mon-4.96-3.oe2203sp3.aarch64.rpm", "name":"exim-mon-4.96-3.oe2203sp3.aarch64.rpm" }, "name":"exim-mon-4.96-3.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"exim-pgsql-4.96-3.oe2203sp3.aarch64.rpm", "name":"exim-pgsql-4.96-3.oe2203sp3.aarch64.rpm" }, "name":"exim-pgsql-4.96-3.oe2203sp3.aarch64.rpm", "category":"product_version" } ], "category":"product_name" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"exim-4.96-3.oe2203sp3.src.rpm", "name":"exim-4.96-3.oe2203sp3.src.rpm" }, "name":"exim-4.96-3.oe2203sp3.src.rpm", "category":"product_version" } ], "category":"product_name" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"exim-mon-4.96-3.oe2203sp3.x86_64.rpm", "name":"exim-mon-4.96-3.oe2203sp3.x86_64.rpm" }, "name":"exim-mon-4.96-3.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"exim-greylist-4.96-3.oe2203sp3.x86_64.rpm", "name":"exim-greylist-4.96-3.oe2203sp3.x86_64.rpm" }, "name":"exim-greylist-4.96-3.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"exim-pgsql-4.96-3.oe2203sp3.x86_64.rpm", "name":"exim-pgsql-4.96-3.oe2203sp3.x86_64.rpm" }, "name":"exim-pgsql-4.96-3.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"exim-debugsource-4.96-3.oe2203sp3.x86_64.rpm", "name":"exim-debugsource-4.96-3.oe2203sp3.x86_64.rpm" }, "name":"exim-debugsource-4.96-3.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"exim-mysql-4.96-3.oe2203sp3.x86_64.rpm", "name":"exim-mysql-4.96-3.oe2203sp3.x86_64.rpm" }, "name":"exim-mysql-4.96-3.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"exim-debuginfo-4.96-3.oe2203sp3.x86_64.rpm", "name":"exim-debuginfo-4.96-3.oe2203sp3.x86_64.rpm" }, "name":"exim-debuginfo-4.96-3.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"exim-clamav-4.96-3.oe2203sp3.x86_64.rpm", "name":"exim-clamav-4.96-3.oe2203sp3.x86_64.rpm" }, "name":"exim-clamav-4.96-3.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"exim-4.96-3.oe2203sp3.x86_64.rpm", "name":"exim-4.96-3.oe2203sp3.x86_64.rpm" }, "name":"exim-4.96-3.oe2203sp3.x86_64.rpm", "category":"product_version" } ], "category":"product_name" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"exim-debuginfo-4.96-3.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:exim-debuginfo-4.96-3.oe2203sp3.aarch64", "name":"exim-debuginfo-4.96-3.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"exim-greylist-4.96-3.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:exim-greylist-4.96-3.oe2203sp3.aarch64", "name":"exim-greylist-4.96-3.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"exim-mysql-4.96-3.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:exim-mysql-4.96-3.oe2203sp3.aarch64", "name":"exim-mysql-4.96-3.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"exim-clamav-4.96-3.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:exim-clamav-4.96-3.oe2203sp3.aarch64", "name":"exim-clamav-4.96-3.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"exim-debugsource-4.96-3.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:exim-debugsource-4.96-3.oe2203sp3.aarch64", "name":"exim-debugsource-4.96-3.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"exim-4.96-3.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.aarch64", "name":"exim-4.96-3.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"exim-mon-4.96-3.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:exim-mon-4.96-3.oe2203sp3.aarch64", "name":"exim-mon-4.96-3.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"exim-pgsql-4.96-3.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:exim-pgsql-4.96-3.oe2203sp3.aarch64", "name":"exim-pgsql-4.96-3.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"exim-4.96-3.oe2203sp3.src.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.src", "name":"exim-4.96-3.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"exim-mon-4.96-3.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:exim-mon-4.96-3.oe2203sp3.x86_64", "name":"exim-mon-4.96-3.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"exim-greylist-4.96-3.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:exim-greylist-4.96-3.oe2203sp3.x86_64", "name":"exim-greylist-4.96-3.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"exim-pgsql-4.96-3.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:exim-pgsql-4.96-3.oe2203sp3.x86_64", "name":"exim-pgsql-4.96-3.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"exim-debugsource-4.96-3.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:exim-debugsource-4.96-3.oe2203sp3.x86_64", "name":"exim-debugsource-4.96-3.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"exim-mysql-4.96-3.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:exim-mysql-4.96-3.oe2203sp3.x86_64", "name":"exim-mysql-4.96-3.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"exim-debuginfo-4.96-3.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:exim-debuginfo-4.96-3.oe2203sp3.x86_64", "name":"exim-debuginfo-4.96-3.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"exim-clamav-4.96-3.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:exim-clamav-4.96-3.oe2203sp3.x86_64", "name":"exim-clamav-4.96-3.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"exim-4.96-3.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.x86_64", "name":"exim-4.96-3.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2022-3559", "notes":[ { "text":"A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a patch to fix this issue. The identifier VDB-211073 was assigned to this vulnerability.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP3:exim-debuginfo-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-greylist-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-mysql-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-clamav-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-debugsource-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-mon-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-pgsql-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.src", "openEuler-22.03-LTS-SP3:exim-mon-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-greylist-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-pgsql-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-debugsource-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-mysql-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-debuginfo-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-clamav-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP3:exim-debuginfo-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-greylist-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-mysql-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-clamav-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-debugsource-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-mon-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-pgsql-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.src", "openEuler-22.03-LTS-SP3:exim-mon-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-greylist-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-pgsql-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-debugsource-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-mysql-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-debuginfo-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-clamav-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.x86_64" ], "details":"exim security update", "category":"vendor_fix", "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1926" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP3:exim-debuginfo-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-greylist-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-mysql-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-clamav-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-debugsource-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-mon-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-pgsql-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.src", "openEuler-22.03-LTS-SP3:exim-mon-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-greylist-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-pgsql-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-debugsource-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-mysql-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-debuginfo-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-clamav-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2022-3559" }, { "cve":"CVE-2023-51766", "notes":[ { "text":"Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports . but some other popular e-mail servers do not.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP3:exim-debuginfo-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-greylist-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-mysql-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-clamav-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-debugsource-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-mon-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-pgsql-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.src", "openEuler-22.03-LTS-SP3:exim-mon-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-greylist-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-pgsql-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-debugsource-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-mysql-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-debuginfo-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-clamav-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP3:exim-debuginfo-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-greylist-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-mysql-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-clamav-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-debugsource-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-mon-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-pgsql-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.src", "openEuler-22.03-LTS-SP3:exim-mon-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-greylist-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-pgsql-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-debugsource-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-mysql-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-debuginfo-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-clamav-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.x86_64" ], "details":"exim security update", "category":"vendor_fix", "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1926" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.3, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP3:exim-debuginfo-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-greylist-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-mysql-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-clamav-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-debugsource-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-mon-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-pgsql-4.96-3.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.src", "openEuler-22.03-LTS-SP3:exim-mon-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-greylist-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-pgsql-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-debugsource-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-mysql-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-debuginfo-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-clamav-4.96-3.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:exim-4.96-3.oe2203sp3.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2023-51766" } ] }