Sicherheit: Fehlerhafte Zugriffsrechte in ssmtp
Aktuelle Meldungen Distributionen
Name: Fehlerhafte Zugriffsrechte in ssmtp
ID: FEDORA-2013-10128
Distribution: Fedora
Plattformen: Fedora 17
Datum: Do, 4. Juli 2013, 08:43
Referenzen: Keine Angabe
Applikationen: ssmtp


Name        : ssmtp
Product : Fedora 17
Version : 2.61
Release : 20.fc17
URL : http://packages.debian.org/stable/mail/ssmtp
Summary : Extremely simple MTA to get mail off the system to a Mailhub
Description :
A secure, effective and simple way of getting mail off a system to your mail
hub. It contains no suid-binaries or other dangerous things - no mail spool
to poke around in, and no daemons running in the background. Mail is simply
forwarded to the configured mailhost. Extremely easy configuration.

WARNING: the above is all it does; it does not receive mail nor manage queues.
That belongs on a mail hub with a system administrator.

Update Information:

Removes world read access from the configuration file thus prohibiting reading
of the password stored inside it.

* Tue Jun 4 2013 Manuel "lonely wolf" Wolfshant
<wolfy@fedoraproject.org> - 2.61-20
- remove world readable permissions of the config file (#962988)
* Sun Oct 14 2012 Manuel "lonely wolf" Wolfshant
<wolfy@fedoraproject.org> - 2.61-19
- Optional separation of TLS client key and certificate files
- Add patch enabling verification of TLS server ( #864894 )
- Correct %description and the source in order to reflect that sSMTP expands
which are read from a plain text file
* Sat Jun 30 2012 Manuel "lonely wolf" Wolfshant
<wolfy@fedoraproject.org> - 2.61-18
- Apply patch to fix addition of garbage at end of attachments

[ 1 ] Bug #962988 - ssmtp.conf is world readble which is a security risk when
using a password authentication

This update can be installed with the "yum" update program. Use
su -c 'yum update ssmtp' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list
Neue Nachrichten