ASA-202503-1 log raw

[ASA-202503-1] exim: privilege escalation
Arch Linux Security Advisory ASA-202503-1 ========================================= Severity: High Date : 2025-03-26 CVE-ID : CVE-2025-30232 Package : exim Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-2859 Summary ======= The package exim before version 4.98.2-1 is vulnerable to privilege escalation. Resolution ========== Upgrade to 4.98.2-1. # pacman -Syu "exim>=4.98.2-1" The problem has been fixed upstream in version 4.98.2. Workaround ========== None. Description =========== A use-after-free has been discovered in exim that can lead to potential privilege escalation due to the lack of nulling out the debug_pretrigger_buf pointer before freeing the buffer by the storage management. Impact ====== A local unprivileged attacker is able to escalate privileges on the affected host. References ========== https://exim.org/static/doc/security/CVE-2025-30232.txt https://lists.exim.org/lurker/message/20250326.140105.6b97555b.en.html https://code.exim.org/exim/exim/commit/be040d7df68a8cbb244aaabc37832984dafcbf55 https://security.archlinux.org/CVE-2025-30232