[gentoo-announce] [ GLSA 201601-04 ] OpenSMTPD: Multiple vulnerabilities - gentoo-announce

From:	Sergey Popov <pinkbyte@g.o>
To:	gentoo-announce@l.g.o
Subject:	[gentoo-announce] [ GLSA 201601-04 ] OpenSMTPD: Multiple vulnerabilities
Date:	Wed, 27 Jan 2016 06:53:07
Message-Id:	`56A8676B.7020307@gentoo.org`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 201601-04

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                           https://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

 Severity: Normal

8

    Title: OpenSMTPD: Multiple vulnerabilities

9

     Date: January 27, 2016

10

     Bugs: #562034, #562290

11

       ID: 201601-04

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

Multiple vulnerabilities have been found in OpenSMTPD, the worst

19

allowing remote attackers to execute arbitrary code.

20

21

Background

22

==========

23

24

OpenSMTPD is a lightweight but featured SMTP daemon from OpenBSD.

25

26

Affected packages

27

=================

28

29

    -------------------------------------------------------------------

30

     Package              /     Vulnerable     /            Unaffected

31

    -------------------------------------------------------------------

32

  1  mail-mta/opensmtpd          < 5.7.3_p1               >= 5.7.3_p1

33

34

Description

35

===========

36

37

Multiple vulnerabilities have been discovered in OpenSMTPD. Please

38

review the CVE identifiers referenced below for details.

39

40

Impact

41

======

42

43

A remote attacker could possibly execute arbitrary code with the

44

privileges of the process, or cause a Denial of Service condition.

45

46

Workaround

47

==========

48

49

There is no known workaround at this time.

50

51

Resolution

52

==========

53

54

All OpenSMTPD users should upgrade to the latest version:

55

56

  # emerge --sync

57

  # emerge --ask --oneshot --verbose ">=mail-mta/opensmtpd-5.7.3_p1"

58

59

References

60

==========

61

62

63

Availability

64

============

65

66

This GLSA and any updates to it are available for viewing at

67

the Gentoo Security Website:

68

69

 https://security.gentoo.org/glsa/201601-04

70

71

Concerns?

72

=========

73

74

Security is a primary focus of Gentoo Linux and ensuring the

75

confidentiality and security of our users' machines is of utmost

76

importance to us. Any security concerns should be addressed to

77

security@g.o or alternatively, you may file a bug at

78

https://bugs.gentoo.org.

79

80

License

81

=======

82

83

Copyright 2016 Gentoo Foundation, Inc; referenced text

84

belongs to its owner(s).

85

86

The contents of this document are licensed under the

87

Creative Commons - Attribution / Share Alike license.

88

89

http://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce

Attachments

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 201601-04
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	https://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: OpenSMTPD: Multiple vulnerabilities
9	Date: January 27, 2016
10	Bugs: #562034, #562290
11	ID: 201601-04
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	Multiple vulnerabilities have been found in OpenSMTPD, the worst
19	allowing remote attackers to execute arbitrary code.
20
21	Background
22	==========
23
24	OpenSMTPD is a lightweight but featured SMTP daemon from OpenBSD.
25
26	Affected packages
27	=================
28
29	-------------------------------------------------------------------
30	Package / Vulnerable / Unaffected
31	-------------------------------------------------------------------
32	1 mail-mta/opensmtpd < 5.7.3_p1 >= 5.7.3_p1
33
34	Description
35	===========
36
37	Multiple vulnerabilities have been discovered in OpenSMTPD. Please
38	review the CVE identifiers referenced below for details.
39
40	Impact
41	======
42
43	A remote attacker could possibly execute arbitrary code with the
44	privileges of the process, or cause a Denial of Service condition.
45
46	Workaround
47	==========
48
49	There is no known workaround at this time.
50
51	Resolution
52	==========
53
54	All OpenSMTPD users should upgrade to the latest version:
55
56	# emerge --sync
57	# emerge --ask --oneshot --verbose ">=mail-mta/opensmtpd-5.7.3_p1"
58
59	References
60	==========
61
62
63	Availability
64	============
65
66	This GLSA and any updates to it are available for viewing at
67	the Gentoo Security Website:
68
69	https://security.gentoo.org/glsa/201601-04
70
71	Concerns?
72	=========
73
74	Security is a primary focus of Gentoo Linux and ensuring the
75	confidentiality and security of our users' machines is of utmost
76	importance to us. Any security concerns should be addressed to
77	security@g.o or alternatively, you may file a bug at
78	https://bugs.gentoo.org.
79
80	License
81	=======
82
83	Copyright 2016 Gentoo Foundation, Inc; referenced text
84	belongs to its owner(s).
85
86	The contents of this document are licensed under the
87	Creative Commons - Attribution / Share Alike license.
88
89	http://creativecommons.org/licenses/by-sa/2.5