Security update exim SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:1524-1 Final 1 1 2019-06-07T05:44:58Z current 2019-06-07T05:44:58Z 2019-06-07T05:44:58Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update exim exim was updated to fix a security issue. - CVE-2019-10149: Fixed a Remote Command Execution in exim (bsc#1136587) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-1524 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MSHI6H5JMKAAO5PV4XT32SOANX5LGJM2/#MSHI6H5JMKAAO5PV4XT32SOANX5LGJM2 E-Mail link for openSUSE-SU-2019:1524-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1136587 SUSE Bug 1136587 https://www.suse.com/security/cve/CVE-2019-10149/ SUSE CVE CVE-2019-10149 page openSUSE Leap 15.0 openSUSE Leap 15.1 exim-4.88-lp151.4.3.1 eximon-4.88-lp151.4.3.1 eximstats-html-4.88-lp151.4.3.1 exim-4.88-lp151.4.3.1 as a component of openSUSE Leap 15.0 eximon-4.88-lp151.4.3.1 as a component of openSUSE Leap 15.0 eximstats-html-4.88-lp151.4.3.1 as a component of openSUSE Leap 15.0 exim-4.88-lp151.4.3.1 as a component of openSUSE Leap 15.1 eximon-4.88-lp151.4.3.1 as a component of openSUSE Leap 15.1 eximstats-html-4.88-lp151.4.3.1 as a component of openSUSE Leap 15.1 A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution. CVE-2019-10149 openSUSE Leap 15.0:exim-4.88-lp151.4.3.1 openSUSE Leap 15.0:eximon-4.88-lp151.4.3.1 openSUSE Leap 15.0:eximstats-html-4.88-lp151.4.3.1 openSUSE Leap 15.1:exim-4.88-lp151.4.3.1 openSUSE Leap 15.1:eximon-4.88-lp151.4.3.1 openSUSE Leap 15.1:eximstats-html-4.88-lp151.4.3.1 important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MSHI6H5JMKAAO5PV4XT32SOANX5LGJM2/#MSHI6H5JMKAAO5PV4XT32SOANX5LGJM2 https://www.suse.com/security/cve/CVE-2019-10149.html CVE-2019-10149 https://bugzilla.suse.com/1136587 SUSE Bug 1136587