Date: Mon, 5 Oct 2015 10:50:20 +0200
From: "Jason A. Donenfeld" <zx2c4@...too.org>
To: misc <misc@...nsmtpd.org>, oss-security <oss-security@...ts.openwall.com>, 
	gentoo-security@...too.org
Subject: Re: Remotely triggerable buffer overflow in OpenSMTPD

Hi folks,

On Mon, Oct 5, 2015 at 12:38 AM, Jason A. Donenfeld <Jason@...c4.com> wrote:
> impact etc. There's a remotely triggerable buffer overflow in
> OpenBSD's OpenSMTPD -- the latest version, 5.7.2 -- reachable by
> sending messages with huge header lines.

Fixed downstream in Gentoo with mail-mta/opensmtpd-5.7.2_p1-r1:

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3f8e2fe24f3ff174d8515b82607e951e054f68f6

Users are encouraged to update immediately. It's worth noting that
this vulnerability was being triggered "in the wild" - hence the
rushed disclosure etc.

Regards,
Jason

-- 
Jason A. Donenfeld
Gentoo Linux Security & Infrastructure
zx2c4@...too.org
www.zx2c4.com
zx2c4.com/keys/A28BEDE08F1744E16037514806C4536755758000.asc
