From 048e70792768c1d0be58df0ffd46467e011445e46798b2b13e84288a835a1f68 Mon Sep 17 00:00:00 2001
From: Marcus Rueckert
Date: Thu, 22 Jun 2017 14:02:16 +0000
Subject: [PATCH] Accepting request 504846 from home:msmeissn:branches:server:mail - exim-CVE-2017-1000369.patch: Fixed memory leaks that could be exploited to "stack crash" local privilege escalation (bsc#1044692) - Require user(mail) group(mail) to meet new users handling in TW. - Prerequire permissions (fixes rpmlint). CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch
OBS-URL: https://build.opensuse.org/request/show/504846
OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=184
---
 exim-CVE-2017-1000369.patch | 43 +++++++++++++++++++++++++++++++++++++
 exim.changes | 11 ++++++++++
 exim.spec | 11 ++++++++--
 3 files changed, 63 insertions(+), 2 deletions(-)
 create mode 100644 exim-CVE-2017-1000369.patch
diff --git a/exim-CVE-2017-1000369.patch b/exim-CVE-2017-1000369.patch
new file mode 100644
index 0000000..13d70fa
--- /dev/null
+++ b/exim-CVE-2017-1000369.patch
@@ -0,0 +1,43 @@
+commit 65e061b76867a9ea7aeeb535341b790b90ae6c21
+Author: Heiko Schlittermann (HS12-RIPE)
+Date: Wed May 31 23:08:56 2017 +0200
+
+ Cleanup (prevent repeated use of -p/-oMr to avoid mem leak)
+
+diff --git a/src/exim.c b/src/src/exim.c
+index 67583e58..88e11977 100644
+--- a/src/exim.c
++++ b/src/exim.c
+@@ -3106,7 +3106,14 @@ for (i = 1; i < argc; i++)
+
+ /* -oMr: Received protocol */
+
+- else if (Ustrcmp(argrest, "Mr") == 0) received_protocol = argv[++i];
++ else if (Ustrcmp(argrest, "Mr") == 0)
++
++ if (received_protocol)
++ {
++ fprintf(stderr, "received_protocol is set already\n");
++ exit(EXIT_FAILURE);
++ }
++ else received_protocol = argv[++i];
+
+ /* -oMs: Set sender host name */
+
+@@ -3202,7 +3209,15 @@ for (i = 1; i < argc; i++)
+
+ if (*argrest != 0)
+ {
+- uschar *hn = Ustrchr(argrest, ':');
++ uschar *hn;
++
++ if (received_protocol)
++ {
++ fprintf(stderr, "received_protocol is set already\n");
++ exit(EXIT_FAILURE);
++ }
++
++ hn = Ustrchr(argrest, ':');
+ if (hn == NULL)
+ {
+ received_protocol = argrest;
diff --git a/exim.changes b/exim.changes
index f8012bf..29faac6 100644
--- a/exim.changes
+++ b/exim.changes
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Mon Jun 19 16:27:45 UTC 2017 - meissner@suse.com
+
+- exim-CVE-2017-1000369.patch: Fixed memory leaks that could be
+ exploited to "stack crash" local privilege escalation (bsc#1044692)
+
+- Require user(mail) group(mail) to meet new users handling in TW.
+
+- Prerequire permissions (fixes rpmlint).
+
 -------------------------------------------------------------------
 Mon Apr 24 07:45:00 UTC 2017 - wullinger@rz.uni-kiel.de
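Review bot: In the `-oMr` branch added by exim-CVE-2017-1000369.patch, the new `if (received_protocol) { … } else received_protocol = argv[++i];` hangs unbraced under `else if (Ustrcmp(argrest, "Mr") == 0)` in the middle of an else-if chain, so the `/* -oMs */` branch that follows pairs with the right `if` only because the inner statement carries its own `else`. Bracing the inner statement, `else if (Ustrcmp(argrest, "Mr") == 0) { if (received_protocol) … }`, keeps a later edit from silently re-binding the chain in this option parser. Both guards print the identical `"received_protocol is set already\n"`; naming the rejected option (`-oMr` here, presumably `-p` in the second nested hunk) would let an operator see which argument was refused. The surrounding loop body lies outside both nested hunks, so whether other options that allocate per occurrence can still be repeated cannot be judged from this patch alone.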
@@ -12,6 +22,7 @@ Mon Apr 24 07:45:00 UTC 2017 - wullinger@rz.uni-kiel.de + Don't issue env warning if env is empty - fix CVE-2016-9963: DKIM information leakage + CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch ------------------------------------------------------------------- Mon Apr 4 15:55:31 UTC 2016 - e.istomin@edss.ee
diff --git a/exim.spec b/exim.spec
index 070d756..8e9459f 100644
--- a/exim.spec
+++ b/exim.spec
@@ -61,8 +61,13 @@ BuildRequires: pkgconfig(systemd)
 %else
 Requires(pre): %insserv_prereq
 %endif
-Requires(pre): %fillup_prereq
-Requires(pre): /usr/sbin/useradd
+Requires(pre): %fillup_prereq permissions
+%if 0%{?suse_version} >= 1330
+BuildRequires: group(mail)
+BuildRequires: user(mail)
+Requires(pre): user(mail)
+Requires(pre): group(mail)
+%endif
 Requires(pre): fileutils textutils
 %endif
 Version: 4.86.2
@@ -97,6 +102,7 @@ Source40: exim.service
 Patch0: exim-tail.patch
 Patch1: exim-4.86.2+fixes-867e8fe25dbfb1e31493488ad695bde55b890397.patch
 Patch2: fix-CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch
+Patch3: exim-CVE-2017-1000369.patch
 %package -n eximon
 Summary: Eximon, an graphical frontend to administer Exim's mail queue
@@ -141,6 +147,7 @@ once, if at all. The rest is done by logrotate / cron.)
 %patch0
 %patch1 -p 1
 %patch2 -p 1
+%patch3 -p 1
 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform
 %if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
 fPIE="-fPIE"
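Review bot: The first exim.spec hunk (`@@ -61,8 +61,13 @@`) removes `Requires(pre): /usr/sbin/useradd` for every target, but adds the replacement `Requires(pre): user(mail)` and `Requires(pre): group(mail)` only inside `%if 0%{?suse_version} >= 1330`. If the `%pre` scriptlet (not visible in this diff) still calls useradd on older releases, those builds lose the ordering guarantee and the mail account may not exist when the package's scriptlets run. Adding an `%else` branch that keeps `Requires(pre): /usr/sbin/useradd` would preserve the previous behaviour on targets below 1330.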