Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Denial of Service in opensmtpd
Aktuelle Meldungen Distributionen
Name: Denial of Service in opensmtpd
ID: FEDORA-2016-8639e25433
Distribution: Fedora
Plattformen: Fedora 25
Datum: Mi, 19. Oktober 2016, 23:17
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8594

Originalnachricht

Name        : opensmtpd
Product : Fedora 25
Version : 6.0.2p1
Release : 1.fc25
URL : http://www.opensmtpd.org/
Summary : Free implementation of the server-side SMTP protocol as defined
by RFC 5321
Description :
OpenSMTPD is a FREE implementation of the server-side SMTP protocol as defined
by RFC 5321, with some additional standard extensions. It allows ordinary
machines to exchange e-mails with other systems speaking the SMTP protocol.
Started out of dissatisfaction with other implementations, OpenSMTPD nowadays
is a fairly complete SMTP implementation. OpenSMTPD is primarily developed
by Gilles Chehade, Eric Faurot and Charles Longeau; with contributions from
various OpenBSD hackers. OpenSMTPD is part of the OpenBSD Project.
The software is freely usable and re-usable by everyone under an ISC license.

This package uses standard "alternatives" mechanism, you may call
"/usr/sbin/alternatives --set mta /usr/sbin/sendmail.opensmtpd"
if you want to switch to OpenSMTPD MTA immediately after install, and
"/usr/sbin/alternatives --set mta /usr/sbin/sendmail.sendmail" to
revert
back to Sendmail as a default mail daemon.

-------------------------------------------------------------------------------
-
Update Information:

Changes in this release (since 6.0.1): --- - A bug in the smtp session logic
can lead to hanging sessions. [1] - A bug in portable OpenSMTPD can lead to a
server crash if PAM support is disabled and an attacker send a mail to an
account that has been disabled by setting password to a value that is causing
the crypt() call to fail. [2] [1] found and reported by James Pole [2] found
and reported by Patrick Seeburger (CVE-2016-8594)
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1384046 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1384046
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update opensmtpd' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung