Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 5 Oct 2015 10:50:20 +0200
From: "Jason A. Donenfeld" <>
To: misc <>, oss-security <>,
Subject: Re: Remotely triggerable buffer overflow in OpenSMTPD

Hi folks,

On Mon, Oct 5, 2015 at 12:38 AM, Jason A. Donenfeld <> wrote:
> impact etc. There's a remotely triggerable buffer overflow in
> OpenBSD's OpenSMTPD -- the latest version, 5.7.2 -- reachable by
> sending messages with huge header lines.

Fixed downstream in Gentoo with mail-mta/opensmtpd-5.7.2_p1-r1:

Users are encouraged to update immediately. It's worth noting that
this vulnerability was being triggered "in the wild" - hence the
rushed disclosure etc.


Jason A. Donenfeld
Gentoo Linux Security & Infrastructure

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ