Exim could be made to crash or run programs if it received specially crafted network traffic.
It was discovered that file-roller, an archive manager for GNOME, does not properly handle the extraction of archives with a single ./../ in a file path. An attacker able to provide a specially crafted archive for processing can take advantage of this flaw to overwrite files if a user
A buffer overflow flaw was discovered in Exim, a mail transport agent. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary code.
– rebase to latest upstream version 9.27
– security fixes added for:
  – CVE-2019-14811 (bug #1747908)
  – CVE-2019-14812 (bug #1747907)
  – CVE-2019-14813 (bug #1747906)
  – CVE-2019-14817 (bug #1747909)
Fix KDC crash when logging PKINIT enctypes (CVE-2019-14844). This is a purely denial-of-service issue, though it is unauthenticated, and is unlikely to trigger by accident.