An update for exim is now available for openEuler-22.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-1927 Final 1.0 1.0 2024-08-02 Initial 2024-08-02 2024-08-02 openEuler SA Tool V1.0 2024-08-02 exim security update An update for exim is now available for openEuler-22.03-LTS-SP4. Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of flexibility in the way mail can be routed, and there are extensive facilities for checking incoming mail. Exim can be installed in place of sendmail, although the configuration of exim is quite different to that of sendmail. Security Fix(es): A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a patch to fix this issue. The identifier VDB-211073 was assigned to this vulnerability.(CVE-2022-3559) Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not.(CVE-2023-51766) An update for exim is now available for openEuler-22.03-LTS-SP4. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High exim https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1927 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-3559 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-51766 https://nvd.nist.gov/vuln/detail/CVE-2022-3559 https://nvd.nist.gov/vuln/detail/CVE-2023-51766 openEuler-22.03-LTS-SP4 exim-debugsource-4.96-3.oe2203sp4.aarch64.rpm exim-4.96-3.oe2203sp4.aarch64.rpm exim-clamav-4.96-3.oe2203sp4.aarch64.rpm exim-pgsql-4.96-3.oe2203sp4.aarch64.rpm exim-mon-4.96-3.oe2203sp4.aarch64.rpm exim-debuginfo-4.96-3.oe2203sp4.aarch64.rpm exim-mysql-4.96-3.oe2203sp4.aarch64.rpm exim-greylist-4.96-3.oe2203sp4.aarch64.rpm exim-4.96-3.oe2203sp4.src.rpm exim-debugsource-4.96-3.oe2203sp4.x86_64.rpm exim-mysql-4.96-3.oe2203sp4.x86_64.rpm exim-clamav-4.96-3.oe2203sp4.x86_64.rpm exim-4.96-3.oe2203sp4.x86_64.rpm exim-pgsql-4.96-3.oe2203sp4.x86_64.rpm exim-debuginfo-4.96-3.oe2203sp4.x86_64.rpm exim-mon-4.96-3.oe2203sp4.x86_64.rpm exim-greylist-4.96-3.oe2203sp4.x86_64.rpm A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a patch to fix this issue. The identifier VDB-211073 was assigned to this vulnerability. 2024-08-02 CVE-2022-3559 openEuler-22.03-LTS-SP4 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H exim security update 2024-08-02 https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1927 Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not. 2024-08-02 CVE-2023-51766 openEuler-22.03-LTS-SP4 Medium 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N exim security update 2024-08-02 https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1927