An update for exim is now available for openEuler-24.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-1928 Final 1.0 1.0 2024-08-02 Initial 2024-08-02 2024-08-02 openEuler SA Tool V1.0 2024-08-02 exim security update An update for exim is now available for openEuler-24.03-LTS. Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of flexibility in the way mail can be routed, and there are extensive facilities for checking incoming mail. Exim can be installed in place of sendmail, although the configuration of exim is quite different to that of sendmail. Security Fix(es): Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not.(CVE-2023-51766) An update for exim is now available for openEuler-24.03-LTS. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium exim https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1928 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-51766 https://nvd.nist.gov/vuln/detail/CVE-2023-51766 openEuler-24.03-LTS exim-4.97.1-2.oe2403.aarch64.rpm exim-debugsource-4.97.1-2.oe2403.aarch64.rpm exim-greylist-4.97.1-2.oe2403.aarch64.rpm exim-debuginfo-4.97.1-2.oe2403.aarch64.rpm exim-mysql-4.97.1-2.oe2403.aarch64.rpm exim-mon-4.97.1-2.oe2403.aarch64.rpm exim-pgsql-4.97.1-2.oe2403.aarch64.rpm exim-clamav-4.97.1-2.oe2403.aarch64.rpm exim-4.97.1-2.oe2403.src.rpm exim-greylist-4.97.1-2.oe2403.x86_64.rpm exim-clamav-4.97.1-2.oe2403.x86_64.rpm exim-pgsql-4.97.1-2.oe2403.x86_64.rpm exim-debuginfo-4.97.1-2.oe2403.x86_64.rpm exim-mysql-4.97.1-2.oe2403.x86_64.rpm exim-mon-4.97.1-2.oe2403.x86_64.rpm exim-4.97.1-2.oe2403.x86_64.rpm exim-debugsource-4.97.1-2.oe2403.x86_64.rpm Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not. 2024-08-02 CVE-2023-51766 openEuler-24.03-LTS Medium 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N exim security update 2024-08-02 https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1928