today i was informed about the CVE-2019-15846 (https://nvd.nist.gov/vuln/detail/CVE-2019-15846). In my department we have to look at this and check if it is existing at one of our machines. I wanted to check these machines with the GSM (150V/CENO) but i didn’t find the CVE in the database.
Therefore i updated the feeds but nothing still happened. All i found was the associated CB-K19-0777 (https://www.cert-bund.de/advisoryshort/CB-K19-0777).
So please could you let me know if the CVE is coming soon?
A version based check should be available in the feed since Friday evening:
Name: Exim < 4.92.2 RCE Vulnerability
Additional authentication based checks (Local Security Checks/LSC) for Debian are available as of today (the SecInfo Portal is lacking behind a day and the links might not work currently):
Name: Debian Security Advisory DSA 4517-1 (exim4 - security update)
Name: Debian LTS Advisory ([SECURITY] [DLA 1911-1] exim4 security update)
Coverage for additional Linux Distributions (e.g. RHEL, Ubuntu, Fedora, …) will follow in the next few days based on the availability of vendor advisories.