Date: Mon, 5 Oct 2015 10:50:20 +0200
From: "Jason A. Donenfeld" <zx2c4@...too.org>
To: misc <misc@...nsmtpd.org>, oss-security <oss-security@...ts.openwall.com>, gentoo-security@...too.org
Subject: Re: Remotely triggerable buffer overflow in OpenSMTPD

Hi folks,

On Mon, Oct 5, 2015 at 12:38 AM, Jason A. Donenfeld <Jason@...c4.com> wrote:
> impact etc. There's a remotely triggerable buffer overflow in
> OpenBSD's OpenSMTPD -- the latest version, 5.7.2 -- reachable by
> sending messages with huge header lines.

Fixed downstream in Gentoo with mail-mta/opensmtpd-5.7.2_p1-r1:

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3f8e2fe24f3ff174d8515b82607e951e054f68f6

Users are encouraged to update immediately. It's worth noting that this vulnerability was being triggered "in the wild" - hence the rushed disclosure etc.

Regards,
Jason

--
Jason A. Donenfeld
Gentoo Linux Security & Infrastructure
zx2c4@...too.org
www.zx2c4.com
zx2c4.com/keys/A28BEDE08F1744E16037514806C4536755758000.asc