lists.archlinux.org
Sign In
Sign Up
Manage this list
Sign In
Sign Up
×
Keyboard Shortcuts
Thread View
j
: Next unread message
k
: Previous unread message
j a
: Jump to all threads
j l
: Jump to MailingList overview
Arch-security
Thread
Start a new thread
Download
Threads by
month
----- 2025 -----
April
March
February
January
----- 2024 -----
December
November
October
September
August
July
June
May
April
March
February
January
----- 2023 -----
December
November
October
September
August
July
June
May
April
March
February
January
----- 2022 -----
December
November
October
September
August
July
June
May
April
March
February
January
----- 2021 -----
December
November
October
September
August
July
June
May
April
March
February
January
----- 2020 -----
December
November
October
September
August
July
June
May
April
March
February
January
----- 2019 -----
December
November
October
September
August
July
June
May
April
March
February
January
----- 2018 -----
December
November
October
September
August
July
June
May
April
March
February
January
----- 2017 -----
December
November
October
September
August
July
June
May
April
March
February
January
----- 2016 -----
December
November
October
September
August
July
June
May
April
March
February
January
----- 2015 -----
December
November
October
September
August
July
June
May
April
March
February
January
----- 2014 -----
December
November
October
September
August
July
June
May
April
March
arch-security@lists.archlinux.org
March 2025
1 participants
1 discussions
[ASA-202503-1] exim: privilege escalation
by Levente Polyak
26 Mar '25
26 Mar '25
Arch Linux Security Advisory ASA-202503-1 ========================================= Severity: High Date : 2025-03-26 CVE-ID : CVE-2025-30232 Package : exim Type : privilege escalation Remote : No Link :
https://security.archlinux.org/AVG-2859
Summary ======= The package exim before version 4.98.2-1 is vulnerable to privilege escalation. Resolution ========== Upgrade to 4.98.2-1. # pacman -Syu "exim>=4.98.2-1" The problem has been fixed upstream in version 4.98.2. Workaround ========== None. Description =========== A use-after-free has been discovered in exim that can lead to potential privilege escalation due to the lack of nulling out the debug_pretrigger_buf pointer before freeing the buffer by the storage management. Impact ====== A local unprivileged attacker is able to escalate privileges on the affected host. References ==========
https://exim.org/static/doc/security/CVE-2025-30232.txt
https://lists.exim.org/lurker/message/20250326.140105.6b97555b.en.html
https://code.exim.org/exim/exim/commit/be040d7df68a8cbb244aaabc37832984dafc…
https://security.archlinux.org/CVE-2025-30232
1
0
0
0
Results per page:
10
25
50
100
200