SUSE 5047 Published by

The following two security updates are available for SUSE Linux Enterprise:

openSUSE-SU-2024:0008-1: important: Security update for proftpd
openSUSE-SU-2024:0007-1: important: Security update for exim




openSUSE-SU-2024:0008-1: important: Security update for proftpd


openSUSE Security Update: Security update for proftpd
_______________________________

Announcement ID: openSUSE-SU-2024:0008-1
Rating: important
References: #1218144 #1218344
Cross-References: CVE-2023-48795 CVE-2023-51713
CVSS scores:
CVE-2023-48795 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2023-48795 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:
openSUSE Backports SLE-15-SP5
_______________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for proftpd fixes the following issues:

proftpd was updated to 1.3.8b - released 19-Dec-2023

- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity
(boo#1218144)
- CVE-2023-51713: Fixed Out-of-bounds buffer read when handling FTP
commands. (boo#1218344)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP5:

zypper in -t patch openSUSE-2024-8=1

Package List:

- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):

proftpd-1.3.8b-bp155.2.6.1
proftpd-devel-1.3.8b-bp155.2.6.1
proftpd-doc-1.3.8b-bp155.2.6.1
proftpd-ldap-1.3.8b-bp155.2.6.1
proftpd-mysql-1.3.8b-bp155.2.6.1
proftpd-pgsql-1.3.8b-bp155.2.6.1
proftpd-radius-1.3.8b-bp155.2.6.1
proftpd-sqlite-1.3.8b-bp155.2.6.1

- openSUSE Backports SLE-15-SP5 (noarch):

proftpd-lang-1.3.8b-bp155.2.6.1

References:

https://www.suse.com/security/cve/CVE-2023-48795.html
https://www.suse.com/security/cve/CVE-2023-51713.html
https://bugzilla.suse.com/1218144
https://bugzilla.suse.com/1218344



openSUSE-SU-2024:0007-1: important: Security update for exim


openSUSE Security Update: Security update for exim
_______________________________

Announcement ID: openSUSE-SU-2024:0007-1
Rating: important
References: #1218387
Cross-References: CVE-2022-3559 CVE-2023-42114 CVE-2023-42115
CVE-2023-42116 CVE-2023-42117 CVE-2023-42119
CVE-2023-51766
CVSS scores:
CVE-2022-3559 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
openSUSE Backports SLE-15-SP5
_______________________________

An update that fixes 7 vulnerabilities is now available.

Description:

This update for exim fixes the following issues:

exim was updated to 4.97.1 (boo#1218387, CVE-2023-51766):

* Fixes for the smtp protocol smuggling (CVE-2023-51766)

exim was updated to exim 4.96:

* Move from using the pcre library to pcre2.
* Constification work in the filters module required a major version
bump for the local-scan API. Specifically, the "headers_charset"
global which is visible via the API is now const and may therefore not
be modified by local-scan code.
* Bug 2819: speed up command-line messages being read in. Previously a
time check was being done for every character; replace that with one
per buffer.
* Bug 2815: Fix ALPN sent by server under OpenSSL. Previously the
string sent was prefixed with a length byte.
* Change the SMTP feature name for pipelining connect to be compliant
with RFC 5321. Previously Dovecot (at least) would log errors during
submission.
* Fix macro-definition during "-be" expansion testing. The move to
write-protected store for macros had not accounted for these runtime
additions; fix by removing this protection for "-be" mode.
* Convert all uses of select() to poll().
* Fix use of $sender_host_name in daemon process. When used in certain
main-section options or in a connect ACL, the value from the first
ever connection was never replaced for subsequent connections.
* Bug 2838: Fix for i32lp64 hard-align platforms
* Bug 2845: Fix handling of tls_require_ciphers for OpenSSL when a value
with underbars is given.
* Bug 1895: TLS: Deprecate RFC 5114 Diffie-Hellman parameters.
* Debugging initiated by an ACL control now continues through into
routing and transport processes.
* The "expand" debug selector now gives more detail, specifically on the
result of expansion operators and items.
* Bug 2751: Fix include_directory in redirect routers. Previously a bad
comparison between the option value and the name of the file to be
included was done, and a mismatch was wrongly identified.
* Support for Berkeley DB versions 1 and 2 is withdrawn.
* When built with NDBM for hints DB's check for nonexistence of a name
supplied as the db file-pair basename.
* Remove the "allow_insecure_tainted_data" main config option and the
"taint" log_selector.
* Fix static address-list lookups to properly return the matched item.
Previously only the domain part was returned.
* The ${run} expansion item now expands its command string elements
after splitting. Previously it was before; the new ordering makes
handling zero-length arguments simpler.
* Taint-check exec arguments for transport-initiated external processes.
Previously, tainted values could be used. This affects "pipe", "lmtp"
and "queryprogram" transport, transport-filter, and ETRN commands. The
${run} expansion is also affected: in "preexpand" mode no part of the
command line may be tainted, in default mode the executable name may
not be tainted.
* Fix CHUNKING on a continued-transport. Previously the usabilility of
the facility was not passed across execs, and only the first message
passed over a connection could use BDAT; any further ones using DATA.
* Support the PIPECONNECT facility in the smtp transport when the
helo_data uses $sending_ip_address and an interface is specified.
* OpenSSL: fix transport-required OCSP stapling verification under
session resumption.
* TLS resumption: the key for session lookup in the client now includes
more info that a server could potentially use in configuring a TLS
session, avoiding oferring mismatching sessions to such a server.
* Fix string_copyn() for limit greater than actual string length.
* Bug 2886: GnuTLS: Do not free the cached creds on transport connection
close; it may be needed for a subsequent connection.
* Fix CHUNKING for a second message on a connection when the first was
rejected.
* Fix ${srs_encode ...} to handle an empty sender address, now returning
an empty address.
* Bug 2855: Handle a v4mapped sender address given us by a frontending
proxy.

update to exim 4.95

* includes taintwarn (taintwarn.patch)
* fast-ramp queue run
* native SRS
* TLS resumption
* LMDB lookups with single key
* smtp transport option "message_linelength_limit"
* optionally ignore lookup caches
* quota checking for appendfile transport during message reception
* sqlite lookups allow a "file=" option
* lsearch lookups allow a "ret=full" option
* command line option for the notifier socket
* faster TLS startup
* new main config option "proxy_protocol_timeout"
* expand "smtp_accept_max_per_connection"
* log selector "queue_size_exclusive"
* main config option "smtp_backlog_monitor"
* main config option "hosts_require_helo"
* main config option "allow_insecure_tainted_data"

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP5:

zypper in -t patch openSUSE-2024-7=1

Package List:

- openSUSE Backports SLE-15-SP5 (aarch64 ppc64le s390x x86_64):

exim-4.97.1-bp155.5.9.1
eximon-4.97.1-bp155.5.9.1
eximstats-html-4.97.1-bp155.5.9.1

References:

https://www.suse.com/security/cve/CVE-2022-3559.html
https://www.suse.com/security/cve/CVE-2023-42114.html
https://www.suse.com/security/cve/CVE-2023-42115.html
https://www.suse.com/security/cve/CVE-2023-42116.html
https://www.suse.com/security/cve/CVE-2023-42117.html
https://www.suse.com/security/cve/CVE-2023-42119.html
https://www.suse.com/security/cve/CVE-2023-51766.html
https://bugzilla.suse.com/1218387