[exim] CVE-2017-16943, CVE-2017-16944

Author: Heiko Schlittermann
Date:
To: exim-maintainers, exim-announce, exim-users, exim-dev
Subject: [exim] CVE-2017-16943, CVE-2017-16944

Both issues are fixed now.

    CVE-2017-16943  (RCE)       Exim Bug 2199
        master:             4e6ae6235c68de243b1c2419027472d7659aa2b4
        exim-4_89+fixes:    4090d62a4b25782129cc1643596dc2f6e8f63bde
    Fix done by Jeremy Harris

    CVE-2017-16944  (DoS)       Exim Bug 2201
        master:             178ecb70987f024f0e775d87c2f8b2cf587dd542
        exim-4_89+fixes:    4804c62909a62a3ac12ec4777ebd48c541028965
    Fix done by me.

We'll prepare a 4.89.1 release including these two fixes,
even though 4.90 is quite close.

If you can't update now, you should disable the chunking extension.
    chunking_advertise_hosts =

Distros are advised to include these commits.

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -

This message was posted to the following mailing lists:
Exim-announce Mailing List Info \| Nearby Messages	[exim-announce] Critical Exim Security Vulnerability: disable chunking	Re: [exim] [exim-announce] CVE-2017-16943, CVE-2017-16944
Exim-dev Mailing List Info \| Nearby Messages	[exim-dev] [Bug 2201] Exim handles BDAT data incorrectly and leads to crash	[exim-dev] Exim 4.89.1 released
Exim-users Mailing List Info \| Nearby Messages	Re: [exim] Block tld	Re: [exim] Restrict SMTP only to authenticated, local and a spam filter

This message is part of the following thread:
	the complete thread tree sorted by date

	Randy Bush at