drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in opensmtpd
| Name: |
Denial of Service in opensmtpd |
|
| ID: |
FEDORA-2016-828a156ea3 |
|
| Distribution: |
Fedora |
|
| Plattformen: |
Fedora 24 |
|
| Datum: |
Mo, 24. Oktober 2016, 07:22 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8594 |
|
| Applikationen: |
OpenSMTPD |
|
Originalnachricht |
Name : opensmtpd
Product : Fedora 24
Version : 6.0.2p1
Release : 1.fc24
URL : http://www.opensmtpd.org/
Summary : Free implementation of the server-side SMTP protocol as defined
by RFC 5321
Description :
OpenSMTPD is a FREE implementation of the server-side SMTP protocol as defined
by RFC 5321, with some additional standard extensions. It allows ordinary
machines to exchange e-mails with other systems speaking the SMTP protocol.
Started out of dissatisfaction with other implementations, OpenSMTPD nowadays
is a fairly complete SMTP implementation. OpenSMTPD is primarily developed
by Gilles Chehade, Eric Faurot and Charles Longeau; with contributions from
various OpenBSD hackers. OpenSMTPD is part of the OpenBSD Project.
The software is freely usable and re-usable by everyone under an ISC license.
This package uses standard "alternatives" mechanism, you may call
"/usr/sbin/alternatives --set mta /usr/sbin/sendmail.opensmtpd"
if you want to switch to OpenSMTPD MTA immediately after install, and
"/usr/sbin/alternatives --set mta /usr/sbin/sendmail.sendmail" to
revert
back to Sendmail as a default mail daemon.
-------------------------------------------------------------------------------
-
Update Information:
Changes in this release (since 6.0.1): --- - A bug in the smtp session logic
can lead to hanging sessions. [1] - A bug in portable OpenSMTPD can lead to a
server crash if PAM support is disabled and an attacker send a mail to an
account that has been disabled by setting password to a value that is causing
the crypt() call to fail. [2] [1] found and reported by James Pole [2] found
and reported by Patrick Seeburger (CVE-2016-8594) ---- Changes in this
release
(since 6.0.0): --- - A bug in the smtp session logic can lead to a server
crash. [1] [1] found and reported by Mickael Torres, thanks !
-------------------------------------------------------------------------------
-
References:
[ 1 ] Bug #1384046 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1384046
[ 2 ] Bug #1381402 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1381402
-------------------------------------------------------------------------------
-
This update can be installed with the "yum" update program. Use
su -c 'yum update opensmtpd' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
|
|
|
|
