Sicherheit: Zwei Probleme in opensmtpd

Lesezeichen hinzufügen

-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2021-848fd34b0b
2021-01-30 01:53:46.555441
-------------------------------------------------------------------------------
-

Name : opensmtpd
Product : Fedora 33
Version : 6.8.0p2
Release : 1.fc33
URL : http://www.opensmtpd.org/
Summary : Free implementation of the server-side SMTP protocol as defined
by RFC 5321
Description :
OpenSMTPD is a FREE implementation of the server-side SMTP protocol as defined
by RFC 5321, with some additional standard extensions. It allows ordinary
machines to exchange e-mails with other systems speaking the SMTP protocol.
Started out of dissatisfaction with other implementations, OpenSMTPD nowadays
is a fairly complete SMTP implementation. OpenSMTPD is primarily developed
by Gilles Chehade, Eric Faurot and Charles Longeau; with contributions from
various OpenBSD hackers. OpenSMTPD is part of the OpenBSD Project.
The software is freely usable and re-usable by everyone under an ISC license.

This package uses standard "alternatives" mechanism, you may call
"/usr/sbin/alternatives --set mta /usr/sbin/sendmail.opensmtpd"
if you want to switch to OpenSMTPD MTA immediately after install, and
"/usr/sbin/alternatives --set mta /usr/sbin/sendmail.sendmail" to
revert
back to Sendmail as a default mail daemon.

-------------------------------------------------------------------------------
-
Update Information:

**opensmtpd 6.8.0p2** New Features: - ECDSA privsep engine support for
OpenSSL, sponsored by anonymous community member Bug fixes: - Fixed a
resolver memory leak as well as a regex table memory leak - Fixed a bug in the
filters state machine leading to a possible crash of the daemon - Fixed the
logging format which output truncated process names on some systems - Fixed
build on macOS - Various man page improvements
-------------------------------------------------------------------------------
-
ChangeLog:

* Wed Jan 20 2021 Denis Fateyev <denis@fateyev.com> - 6.8.0p2-1
- Update to 6.8.0p2 release
* Thu Sep 17 2020 Denis Fateyev <denis@fateyev.com> - 6.7.1p1-3
- Rebuild for libevent soname change
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1910343 - opensmtpd-6.8.0p2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1910343
[ 2 ] Bug #1911290 - CVE-2020-35679 opensmtpd: memory leak via messages to an
instance that performs many regex lookups due to a missing regfree call [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1911290
[ 3 ] Bug #1911294 - CVE-2020-35680 opensmtpd: NULL pointer dereference via a
crafted pattern of client activity [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1911294
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-848fd34b0b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org