Sicherheit: Denial of Service in opensmtpd
Aktuelle Meldungen Distributionen
Name: Denial of Service in opensmtpd
ID: FEDORA-2016-8c293109fe
Distribution: Fedora
Plattformen: Fedora 23
Datum: Mo, 24. Oktober 2016, 07:20
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8594
Applikationen: opensmtpd


Name        : opensmtpd
Product : Fedora 23
Version : 6.0.2p1
Release : 1.fc23
URL : http://www.opensmtpd.org/
Summary : Free implementation of the server-side SMTP protocol as defined
by RFC 5321
Description :
OpenSMTPD is a FREE implementation of the server-side SMTP protocol as defined
by RFC 5321, with some additional standard extensions. It allows ordinary
machines to exchange e-mails with other systems speaking the SMTP protocol.
Started out of dissatisfaction with other implementations, OpenSMTPD nowadays
is a fairly complete SMTP implementation. OpenSMTPD is primarily developed
by Gilles Chehade, Eric Faurot and Charles Longeau; with contributions from
various OpenBSD hackers. OpenSMTPD is part of the OpenBSD Project.
The software is freely usable and re-usable by everyone under an ISC license.

This package uses standard "alternatives" mechanism, you may call
"/usr/sbin/alternatives --set mta /usr/sbin/sendmail.opensmtpd"
if you want to switch to OpenSMTPD MTA immediately after install, and
"/usr/sbin/alternatives --set mta /usr/sbin/sendmail.sendmail" to
back to Sendmail as a default mail daemon.

Update Information:

Changes in this release (since 6.0.1): --- - A bug in the smtp session logic
can lead to hanging sessions. [1] - A bug in portable OpenSMTPD can lead to a
server crash if PAM support is disabled and an attacker send a mail to an
account that has been disabled by setting password to a value that is causing
the crypt() call to fail. [2] [1] found and reported by James Pole [2] found
and reported by Patrick Seeburger (CVE-2016-8594) ---- Changes in this
(since 6.0.0): --- - A bug in the smtp session logic can lead to a server
crash. [1] [1] found and reported by Mickael Torres, thanks !

[ 1 ] Bug #1384046 - None
[ 2 ] Bug #1381402 - None

This update can be installed with the "yum" update program. Use
su -c 'yum update opensmtpd' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Pro-Linux @Facebook
Neue Nachrichten