PublicDateAtUSN: 2018-02-07
Candidate: CVE-2018-6789
PublicDate: 2018-02-08 23:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6789
 http://www.openwall.com/lists/oss-security/2018/02/07/2
 https://exim.org/static/doc/security/CVE-2018-6789.txt
 https://ubuntu.com/security/notices/USN-3565-1
Description:
 An issue was discovered in the base64d function in the SMTP listener in
 Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may
 happen. This can be used to execute code remotely.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Meh Chang
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_exim4:
upstream_exim4: released (4.90.1)
precise/esm_exim4: DNE
trusty_exim4: released (4.82-3ubuntu2.4)
trusty/esm_exim4: released (4.82-3ubuntu2.4)
xenial_exim4: released (4.86.2-2ubuntu2.3)
esm-infra/xenial_exim4: released (4.86.2-2ubuntu2.3)
artful_exim4: released (4.89-5ubuntu1.3)
devel_exim4: released (4.90.1-1ubuntu1)